strrat | 5a4ad96a02cd36c3bedbc7e54a95c60165f72e398b59606d86d3990bd833a6b7 | Triage

Sharing

General

Target

5a4ad96a02cd36c3bedbc7e54a95c60165f72e398b59606d86d3990bd833a6b7.jar
Size

218KB
Sample

240512-bmf42acd97
MD5

3821d42433e37c5a5b7eeaa4d55ec92b
SHA1

3745f526fd0b49610927d22b3c3e714967b1b6dd
SHA256

5a4ad96a02cd36c3bedbc7e54a95c60165f72e398b59606d86d3990bd833a6b7
SHA512

e3aea58ea9e9ee62c7a01daae11952d95ba5b08505433be82b03a8c5a15538a1e60dc46f41a7abb83a4284103aac5f1e3ac7d5d8a65bee508c5589b0e80480d9
SSDEEP

6144:xIjeiHtSNJO57o/h9++wT+r3lAkzlD/RDFa:xFiNSjO57o/h94T+ZAkh6

Score

10^/10

strrat discovery execution persistence stealer trojan

Malware Config

Targets

- Target
  
  5a4ad96a02cd36c3bedbc7e54a95c60165f72e398b59606d86d3990bd833a6b7.jar
- Size
  
  218KB
- MD5
  
  3821d42433e37c5a5b7eeaa4d55ec92b
- SHA1
  
  3745f526fd0b49610927d22b3c3e714967b1b6dd
- SHA256
  
  5a4ad96a02cd36c3bedbc7e54a95c60165f72e398b59606d86d3990bd833a6b7
- SHA512
  
  e3aea58ea9e9ee62c7a01daae11952d95ba5b08505433be82b03a8c5a15538a1e60dc46f41a7abb83a4284103aac5f1e3ac7d5d8a65bee508c5589b0e80480d9
- SSDEEP
  
  6144:xIjeiHtSNJO57o/h9++wT+r3lAkzlD/RDFa:xFiNSjO57o/h94T+ZAkh6
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan