strrat | d1b67ec03fa5c71df2f2f90263bd69a9626cba5922c9acfb7ca2af73c8db614c | Triage

Sharing

General

Target

NCALayerServer.jar
Size

260KB
Sample

240730-qlf5zavfpe
MD5

db1f4f896485b042cee363e2f33d2f55
SHA1

b6a25190e6aaea8fcfd53b734b68e3c7065f837e
SHA256

d1b67ec03fa5c71df2f2f90263bd69a9626cba5922c9acfb7ca2af73c8db614c
SHA512

c898f6d8c34499104da762314ec5bd613dbe24e4d3b0eb86603900ba9d334c8b801132943a4419f3dad4865782953db1bfa4ce9161693b32a2b24c3a3e45fa9d
SSDEEP

6144:MkAm2Q8QUhqVMZFbCTgCLqZn5gh1+A9l8:MJmIZeTgCLq0u

Score

10^/10

strrat persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

https://pastebin.com/raw/67b8GSUQ:13777

https://pastebin.com/raw/8umPhg86:13778

Attributes

license_id
RPTV-2M8W-MG8W-F8QN-9ERV
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  NCALayerServer.jar
- Size
  
  260KB
- MD5
  
  db1f4f896485b042cee363e2f33d2f55
- SHA1
  
  b6a25190e6aaea8fcfd53b734b68e3c7065f837e
- SHA256
  
  d1b67ec03fa5c71df2f2f90263bd69a9626cba5922c9acfb7ca2af73c8db614c
- SHA512
  
  c898f6d8c34499104da762314ec5bd613dbe24e4d3b0eb86603900ba9d334c8b801132943a4419f3dad4865782953db1bfa4ce9161693b32a2b24c3a3e45fa9d
- SSDEEP
  
  6144:MkAm2Q8QUhqVMZFbCTgCLqZn5gh1+A9l8:MJmIZeTgCLq0u
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan