strrat | ae81b5336b8e70c6fc258e963c24346ded948f6df565a51dde18d7cdcfec753c | Triage

Sharing

General

Target

ae81b5336b8e70c6fc258e963c24346ded948f6df565a51dde18d7cdcfec753c.zip
Size

452KB
Sample

240607-j4eljaec54
MD5

96c7a130ac35505293e7766f058a6d07
SHA1

05638c895529fb2d7249b87c4250ab299fa4f937
SHA256

ae81b5336b8e70c6fc258e963c24346ded948f6df565a51dde18d7cdcfec753c
SHA512

9d3fe14608a995cad1d0ac80d49b40fe213dfa289c396987bc9c0e992608d336cf7aee71a5bdb8c869859b0a286d50f1781a4875b2e47d54143d46110b6ed065
SSDEEP

12288:KUzrcAYk32MH/M9knDQPGrotZy69vMhUQztrqVOH:pcAYkmMfsIyKotZJ9vMhUQzJoM

Score

10^/10

strrat discovery persistence stealer trojan

Malware Config

Targets

- Target
  
  ae81b5336b8e70c6fc258e963c24346ded948f6df565a51dde18d7cdcfec753c.zip
- Size
  
  452KB
- MD5
  
  96c7a130ac35505293e7766f058a6d07
- SHA1
  
  05638c895529fb2d7249b87c4250ab299fa4f937
- SHA256
  
  ae81b5336b8e70c6fc258e963c24346ded948f6df565a51dde18d7cdcfec753c
- SHA512
  
  9d3fe14608a995cad1d0ac80d49b40fe213dfa289c396987bc9c0e992608d336cf7aee71a5bdb8c869859b0a286d50f1781a4875b2e47d54143d46110b6ed065
- SSDEEP
  
  12288:KUzrcAYk32MH/M9knDQPGrotZy69vMhUQztrqVOH:pcAYkmMfsIyKotZJ9vMhUQzJoM
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan