strrat | 68ba175a6363ed62824fb066933974588127b63d007f00b9f147845cebae45db | Triage

Sharing

General

Target

68ba175a6363ed62824fb066933974588127b63d007f00b9f147845cebae45db.js
Size

346KB
Sample

240511-kgp97ahc4s
MD5

6e5f677f16815e0933d379f50581bea6
SHA1

2f5416c1927fb6b81241bb96eee69befa31b55f9
SHA256

68ba175a6363ed62824fb066933974588127b63d007f00b9f147845cebae45db
SHA512

727919e1be0223607964997a6951c6d117ef51c9eca4cb38de9834f7e7dd56eaa5bd0aafb6f3a9774103c8d9fc0bc155f9fa09abf2416e773673e77ba62548ff
SSDEEP

6144:VqawNPADGrly8y0L5+zf+S1gWpfu61c74xBBKLrUei1nOb+qgJHOAPk4YEUV18E:oNPAyobfu6A5rTb+TXPrwl

Score

10^/10

strrat collection discovery execution persistence stealer trojan

Malware Config

Targets

- Target
  
  68ba175a6363ed62824fb066933974588127b63d007f00b9f147845cebae45db.js
- Size
  
  346KB
- MD5
  
  6e5f677f16815e0933d379f50581bea6
- SHA1
  
  2f5416c1927fb6b81241bb96eee69befa31b55f9
- SHA256
  
  68ba175a6363ed62824fb066933974588127b63d007f00b9f147845cebae45db
- SHA512
  
  727919e1be0223607964997a6951c6d117ef51c9eca4cb38de9834f7e7dd56eaa5bd0aafb6f3a9774103c8d9fc0bc155f9fa09abf2416e773673e77ba62548ff
- SSDEEP
  
  6144:VqawNPADGrly8y0L5+zf+S1gWpfu61c74xBBKLrUei1nOb+qgJHOAPk4YEUV18E:oNPAyobfu6A5rTb+TXPrwl
Score

10^/10

execution strrat collection discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratcollectiondiscoveryexecutionpersistencestealertrojan