strrat | ed41f1a75fc6e0e049e815903dac8c52e12ae6212103e9002206f0dd14ea44db | Triage

Sharing

General

Target

ORDER_247068846.pdf.jar
Size

208KB
Sample

240607-ghfklaad7y
MD5

4a8fb5a583ce8359221745c1962bfdcc
SHA1

27165892e02294dcf85c24ff9b942fdecabfd145
SHA256

ed41f1a75fc6e0e049e815903dac8c52e12ae6212103e9002206f0dd14ea44db
SHA512

8a8fca2a416892b560ea7b80c0045976a51469067539a640a3c2caa0eca682243c3ea4e86d186114bebdbb6e957887a8ea9ea92846d6d30aa37c5b1da129cbeb
SSDEEP

3072:IjVE+tfBfElDMyi+EJOAARy3qVmefPC+TfSf0jB90VJTdTqET7eGipBfNvH:IplBOQKAA+t6BusiVJTdqigBl/

Score

10^/10

strrat discovery persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

chongmei33.publicvm.com:44662

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  ORDER_247068846.pdf.jar
- Size
  
  208KB
- MD5
  
  4a8fb5a583ce8359221745c1962bfdcc
- SHA1
  
  27165892e02294dcf85c24ff9b942fdecabfd145
- SHA256
  
  ed41f1a75fc6e0e049e815903dac8c52e12ae6212103e9002206f0dd14ea44db
- SHA512
  
  8a8fca2a416892b560ea7b80c0045976a51469067539a640a3c2caa0eca682243c3ea4e86d186114bebdbb6e957887a8ea9ea92846d6d30aa37c5b1da129cbeb
- SSDEEP
  
  3072:IjVE+tfBfElDMyi+EJOAARy3qVmefPC+TfSf0jB90VJTdTqET7eGipBfNvH:IplBOQKAA+t6BusiVJTdqigBl/
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan