strrat | 11a903ab8c985f88daf70ba21d9b40b5df8efc33ddd0aa8dfeb4b9cd82b898fd | Triage

Sharing

General

Target

11a903ab8c985f88daf70ba21d9b40b5df8efc33ddd0aa8dfeb4b9cd82b898fd
Size

295KB
Sample

240511-jrljbahe93
MD5

396d79eeb1c91b68a69e72ec0a110ff9
SHA1

c14e54b88ae446f7859a3c9dad26a16e3db11489
SHA256

11a903ab8c985f88daf70ba21d9b40b5df8efc33ddd0aa8dfeb4b9cd82b898fd
SHA512

4b7209de261738c7e76fa2b11ade1aef9289c17a7c0e2ea2ea7a7ed5501a61decb9473a12b71d2d34d1cc203c755e238839ac0d1a220fb59bb217252efcfb357
SSDEEP

6144:7fnbBzaAtkrdjsVaakQYw/aysXshNJyyTyiJNi0Rv0Dt:j5aAtkrSZBT/aysuNJyyui75mDt

Score

10^/10

strrat discovery execution persistence stealer trojan

Malware Config

Targets

- Target
  
  f224a2adc08aef0c0fc1899d4ba8aa52e3c608ef2b294dec6d72590dfcb91614.js
- Size
  
  443KB
- MD5
  
  cdc0ff3b2e6bd8e1a0d09ff010c2c899
- SHA1
  
  e15ab2d20673e273eb9698894c9f1ef07a893999
- SHA256
  
  f224a2adc08aef0c0fc1899d4ba8aa52e3c608ef2b294dec6d72590dfcb91614
- SHA512
  
  787ea82b4404ff50f77f18b36f60071551e8a80810e52d92fac6c89e06baa66bb3d0f09970c5a043273416a3aa92b99b74ae8e2a1f6d66f30c1bd92a282deea9
- SSDEEP
  
  6144:ZQOOkQsu5kVH5fRAZmyUzxDRqns5D9rmqJ1UnYUB48xM91Y1WziypzkAkaM1kxKm:HVuGZq6xDk8H1cYm48xMYCkbprC
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan