strrat | 97c286c75e026d80a7dbdd4ec83e6790f1f7870cc55ed3a6ba1ac6930038c317 | Triage

Sharing

General

Target

parcellabelorder.jar
Size

269KB
Sample

240726-h3slbstcnp
MD5

02838f5d8a7b250b4a402bab33dff28a
SHA1

85cc4280d888efe5d747330fe2423eaa41571060
SHA256

97c286c75e026d80a7dbdd4ec83e6790f1f7870cc55ed3a6ba1ac6930038c317
SHA512

fe2fc39fbe7ca50b78999222c7eac02113bac5a3ef03a266a761d5108a7d7acc730af8ac9e3d3f11b6e0e4b463820e60dbd4cf721ea97cdedb177a031b41b336
SSDEEP

3072:oNSF+wmsDOpmb3npKWUILc4f/l+nGJ82J4w8J16AbOOgMvux1ejZqgPnBB:o4gwmsqpmVgc/4ne80y1elMvjlqu

Score

10^/10

strrat stealer trojan

Malware Config

Extracted

Family

strrat

C2

lozado.duia.ro:9553

pingyoung.duckdns.org:7744

Attributes

license_id
MB4Q-SLG2-7HDN-EM52-K3JL
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
false
secondary_startup
true
startup
false

Targets

- Target
  
  parcellabelorder.jar
- Size
  
  269KB
- MD5
  
  02838f5d8a7b250b4a402bab33dff28a
- SHA1
  
  85cc4280d888efe5d747330fe2423eaa41571060
- SHA256
  
  97c286c75e026d80a7dbdd4ec83e6790f1f7870cc55ed3a6ba1ac6930038c317
- SHA512
  
  fe2fc39fbe7ca50b78999222c7eac02113bac5a3ef03a266a761d5108a7d7acc730af8ac9e3d3f11b6e0e4b463820e60dbd4cf721ea97cdedb177a031b41b336
- SSDEEP
  
  3072:oNSF+wmsDOpmb3npKWUILc4f/l+nGJ82J4w8J16AbOOgMvux1ejZqgPnBB:o4gwmsqpmVgc/4ne80y1elMvjlqu
Score

10^/10

strrat stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

strratstealertrojan