strrat | 1bd5f11c88334c440d72982ef956f3bf0b0fde0ce68f6ceb7e0822452d840a71 | Triage

Sharing

General

Target

PO-240722THP.jar
Size

400KB
Sample

240805-he714sshmg
MD5

8fdfc7ab8ff744fe2ce01f2af8be5e7a
SHA1

33b2ab7cbb8071e95cc46bda92910808cf063d6e
SHA256

1bd5f11c88334c440d72982ef956f3bf0b0fde0ce68f6ceb7e0822452d840a71
SHA512

3aa6f9071e34c56b1db611f96b6eaefd6a9133822863b6202cae6825d51ba7982766443b54f19056711b05f48ef58f1d183fcd738650c7985f8eb37c9b46ab82
SSDEEP

12288:4CgAHTZ5xGGSDVs2v7c3f4ivcG7P9iNce:4hkTZ5rUYPVP9QL

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  PO-240722THP.jar
- Size
  
  400KB
- MD5
  
  8fdfc7ab8ff744fe2ce01f2af8be5e7a
- SHA1
  
  33b2ab7cbb8071e95cc46bda92910808cf063d6e
- SHA256
  
  1bd5f11c88334c440d72982ef956f3bf0b0fde0ce68f6ceb7e0822452d840a71
- SHA512
  
  3aa6f9071e34c56b1db611f96b6eaefd6a9133822863b6202cae6825d51ba7982766443b54f19056711b05f48ef58f1d183fcd738650c7985f8eb37c9b46ab82
- SSDEEP
  
  12288:4CgAHTZ5xGGSDVs2v7c3f4ivcG7P9iNce:4hkTZ5rUYPVP9QL
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan