strrat | 04dd324077d3fc3c5d1bf6a7e2692dd9030867efb979309f58944bc0d86be5d9 | Triage

Sharing

General

Target

STRISTART.jar
Size

91KB
Sample

240524-eclhjsbh4x
MD5

ce57eae7c22979b71802ee9acb4bad4f
SHA1

beed9e7131c475286be70ebb2ec893523cfa877c
SHA256

04dd324077d3fc3c5d1bf6a7e2692dd9030867efb979309f58944bc0d86be5d9
SHA512

d166392c9edd5d369b85393daabe8f77f33ecc27fe40b3610a861d74ebad044e20b3b45e39f19b9cb983da4e76f19145e74bc3987f6b4ddedcb5dfc735f4869f
SSDEEP

1536:ZWrAxbeF1Mr45Ldk1PQQ3am3AdnzPPxy0Ic5iqWOX+FnI7zs7G+GQltOw9P4:+EbD4U1P9A5PJy0vcOXxHs73xtz9P4

Score

10^/10

strrat discovery persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

173.212.199.134:1780

kimboy1.duckdns.org:1788

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  STRISTART.jar
- Size
  
  91KB
- MD5
  
  ce57eae7c22979b71802ee9acb4bad4f
- SHA1
  
  beed9e7131c475286be70ebb2ec893523cfa877c
- SHA256
  
  04dd324077d3fc3c5d1bf6a7e2692dd9030867efb979309f58944bc0d86be5d9
- SHA512
  
  d166392c9edd5d369b85393daabe8f77f33ecc27fe40b3610a861d74ebad044e20b3b45e39f19b9cb983da4e76f19145e74bc3987f6b4ddedcb5dfc735f4869f
- SSDEEP
  
  1536:ZWrAxbeF1Mr45Ldk1PQQ3am3AdnzPPxy0Ic5iqWOX+FnI7zs7G+GQltOw9P4:+EbD4U1P9A5PJy0vcOXxHs73xtz9P4
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan