strrat | 47886afbf41e60e7b6174bb65bb1502c64d9d40c75fc6fe0bd4c7ab891f4ccf9 | Triage

Sharing

General

Target

47886afbf41e60e7b6174bb65bb1502c64d9d40c75fc6fe0bd4c7ab891f4ccf9.zip
Size

276KB
Sample

240717-v4v43a1ejj
MD5

1f031046fbf385b7ceada7e643bdb9d9
SHA1

ccd44696643f116003d68fbd98e7ec8b31ef2e49
SHA256

47886afbf41e60e7b6174bb65bb1502c64d9d40c75fc6fe0bd4c7ab891f4ccf9
SHA512

354245ca8f0879497c0456da0c959f7e0b79c656ffacd04f5363e72d6e560d24458087e4c5d8b24ab45a7b031a1f9f9f593c93039463dcf04e79f3cf3fd7bad9
SSDEEP

6144:mge8OZJ39u4n6wBC03Riha1e9hLTt7+7WNZI9:JDOD9h6wU03/1e9tTtnNZI9

Score

10^/10

strrat persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

iyiochalogs.myddns.com:8082

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  47886afbf41e60e7b6174bb65bb1502c64d9d40c75fc6fe0bd4c7ab891f4ccf9.zip
- Size
  
  276KB
- MD5
  
  1f031046fbf385b7ceada7e643bdb9d9
- SHA1
  
  ccd44696643f116003d68fbd98e7ec8b31ef2e49
- SHA256
  
  47886afbf41e60e7b6174bb65bb1502c64d9d40c75fc6fe0bd4c7ab891f4ccf9
- SHA512
  
  354245ca8f0879497c0456da0c959f7e0b79c656ffacd04f5363e72d6e560d24458087e4c5d8b24ab45a7b031a1f9f9f593c93039463dcf04e79f3cf3fd7bad9
- SSDEEP
  
  6144:mge8OZJ39u4n6wBC03Riha1e9hLTt7+7WNZI9:JDOD9h6wU03/1e9tTtnNZI9
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan