strrat | d3a09982471977a805269a08024fa2c6881385a219a7db0e198ed10829f68147 | Triage

Sharing

General

Target

OrderDetails.js
Size

844KB
Sample

240530-g6mntahc61
MD5

6a1c5084f6ab9730c978f152934ea415
SHA1

70bfed071fdd2bd7d2e17a26703b922f9fb59198
SHA256

d3a09982471977a805269a08024fa2c6881385a219a7db0e198ed10829f68147
SHA512

cc08032544a97cb69a725b3c23e99999b528da3adc240745c79d3c4f65eb2481b30f04d3a1a140119c900bac1fa01c47eee0f09ef27a963761df749c0ea9f686
SSDEEP

1536:XQX3Q+psvIc+PY6t+ZF90EPTY1feon8ZagilDc8G5AyYWuVBoEFgJd2OVmDSW4CU:XQHV6PNS9KiWEqESW46g

Score

10^/10

strrat discovery execution persistence stealer trojan

Malware Config

Targets

- Target
  
  OrderDetails.js
- Size
  
  844KB
- MD5
  
  6a1c5084f6ab9730c978f152934ea415
- SHA1
  
  70bfed071fdd2bd7d2e17a26703b922f9fb59198
- SHA256
  
  d3a09982471977a805269a08024fa2c6881385a219a7db0e198ed10829f68147
- SHA512
  
  cc08032544a97cb69a725b3c23e99999b528da3adc240745c79d3c4f65eb2481b30f04d3a1a140119c900bac1fa01c47eee0f09ef27a963761df749c0ea9f686
- SSDEEP
  
  1536:XQX3Q+psvIc+PY6t+ZF90EPTY1feon8ZagilDc8G5AyYWuVBoEFgJd2OVmDSW4CU:XQHV6PNS9KiWEqESW46g
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan