strrat | 40c97f136f72b6613c9f947c7e1fe112706eae5c574902dd1904f80b0fc1d212 | Triage

Sharing

General

Target

Ziraat Bankasi Swift Mesaji.js
Size

353KB
Sample

240514-jdjskafc3y
MD5

f1e972166f46d1b17250e076b3c9d048
SHA1

29de44cb79d7b60ecd0ccfc293dc137aadf70767
SHA256

40c97f136f72b6613c9f947c7e1fe112706eae5c574902dd1904f80b0fc1d212
SHA512

c7e3947eb45dbad441674f7f469edfdb2c385419c7583141995ed71cdd2faf8bb86248a12c2fbf7dcabdc45ba673ed35830e4ab75f439daf06631b19e7c734a4
SSDEEP

6144:CjTqNadgJXXiQu87UE2tajU7RP4Y/oj3i+R/2RCO0VVQc6xZzHAOjnRKjoXBKZRG:CaAd0XXiw5jX+E3/WzpnlwJjXXyGe3

Score

10^/10

strrat discovery execution persistence stealer trojan

Malware Config

Targets

- Target
  
  Ziraat Bankasi Swift Mesaji.js
- Size
  
  353KB
- MD5
  
  f1e972166f46d1b17250e076b3c9d048
- SHA1
  
  29de44cb79d7b60ecd0ccfc293dc137aadf70767
- SHA256
  
  40c97f136f72b6613c9f947c7e1fe112706eae5c574902dd1904f80b0fc1d212
- SHA512
  
  c7e3947eb45dbad441674f7f469edfdb2c385419c7583141995ed71cdd2faf8bb86248a12c2fbf7dcabdc45ba673ed35830e4ab75f439daf06631b19e7c734a4
- SSDEEP
  
  6144:CjTqNadgJXXiQu87UE2tajU7RP4Y/oj3i+R/2RCO0VVQc6xZzHAOjnRKjoXBKZRG:CaAd0XXiw5jX+E3/WzpnlwJjXXyGe3
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan