strrat | eec8d2a36caf6e46308dd647eab802a7aa3926ec93835f68bba2143194dc49d6 | Triage

Sharing

General

Target

eec8d2a36caf6e46308dd647eab802a7aa3926ec93835f68bba2143194dc49d6
Size

216KB
Sample

240511-jkkcnseb7v
MD5

3cdf6de2490eeb68aaafd02b9e980aa5
SHA1

8c30590b9b8ab3bd80dcd40e5bdd9eabb5e89b0c
SHA256

eec8d2a36caf6e46308dd647eab802a7aa3926ec93835f68bba2143194dc49d6
SHA512

a4ab73992dde42533c2e056fdbc2ae675db3d90386d77a4bc4ce2cba27e49a9eec9778df2a1941851e5035d49ac2038074bd49d2767529d75f2056c8110e7831
SSDEEP

6144:Qbf8/CORFXGqpoPXaXSFcjfcc7MXZKlBo:K6CGGXPqCuosuZKlBo

Score

10^/10

strrat discovery execution persistence stealer trojan

Malware Config

Targets

- Target
  
  50138aa6c36152d659a239c8877faa875d18152fa56c63fada3fc8a69d0719bf.jar
- Size
  
  216KB
- MD5
  
  d553f70a48745ac7fd556cfa45efbc9c
- SHA1
  
  f4fb627758fb70518a2fb6a89be2ff3ea40241f8
- SHA256
  
  50138aa6c36152d659a239c8877faa875d18152fa56c63fada3fc8a69d0719bf
- SHA512
  
  7e6aceae21bd99063d870e61dcbe39c6f19adfa4268bf91734953119a6a78428d6c1e3f44d40c56ed0cfae2df023ea8a60b09ed2acf48bc722dcd7a2d82933c2
- SSDEEP
  
  6144:8qnzpwCDhLMFZOo5WK9+TkfFNkW00canghqSiqnXrrzGFA:XzpQZFkgtNwJkgMYXrB
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan