strrat | f8e4c56ef49ada4ef559292bada86a85db5b4a924ed1cb593c72f32655af3e66 | Triage

Sharing

General

Target

25072024_0634_duty1.jar
Size

202KB
Sample

240725-hb9erstdpr
MD5

482bd2427eaf1fe50697919c6741ae82
SHA1

28f52c11312a36688d8e56cbfada4d9983efa1fb
SHA256

f8e4c56ef49ada4ef559292bada86a85db5b4a924ed1cb593c72f32655af3e66
SHA512

77c7b0fcb1ba3061546f6f12af1b1cb4f1195f92a8f4aa1454eb482e4a9ea315d51dc7edf075b240d7f8b650a4ce7cad8c426f57406d27d8f7518abfea570191
SSDEEP

6144:EWPeWfEqDo2s3Jm+7UNkEbVmoDU/U37Pa:6Rqls3JHCkrfai

Score

10^/10

strrat collection credential_access persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

94.156.68.149:1616

Attributes

license_id
LY6A-TUCK-H5Q0-C3NO-6XHG
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  25072024_0634_duty1.jar
- Size
  
  202KB
- MD5
  
  482bd2427eaf1fe50697919c6741ae82
- SHA1
  
  28f52c11312a36688d8e56cbfada4d9983efa1fb
- SHA256
  
  f8e4c56ef49ada4ef559292bada86a85db5b4a924ed1cb593c72f32655af3e66
- SHA512
  
  77c7b0fcb1ba3061546f6f12af1b1cb4f1195f92a8f4aa1454eb482e4a9ea315d51dc7edf075b240d7f8b650a4ce7cad8c426f57406d27d8f7518abfea570191
- SSDEEP
  
  6144:EWPeWfEqDo2s3Jm+7UNkEbVmoDU/U37Pa:6Rqls3JHCkrfai
Score

10^/10

strrat collection credential_access persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Query Registry

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratcollectioncredential_accesspersistencestealertrojan