strrat | e867fceff6c94157508b6b4f779e5d1ba1e624b10b176f4ca4a9d3db8daa1608 | Triage

Sharing

General

Target

PO-240722THP.jar
Size

400KB
Sample

240806-gmgcpa1ejl
MD5

4516f3c8f31a3df10b9c5c0295f22d14
SHA1

5d58d6cee6a3c84438f379ed618a9d76ba75cfa0
SHA256

e867fceff6c94157508b6b4f779e5d1ba1e624b10b176f4ca4a9d3db8daa1608
SHA512

e2ed607da7c07bbbc6dea89f44ef3d79e2919b7a9fab5cad38a3c051c4ddcab14e1b8f9510569bfc8783baf4bc79764217566b6252dee83638f9aeb40f93d181
SSDEEP

12288:2rRKHTm5srLXDZsfv7f35f6zc/BP9iNeD:2duTm5CiTpzP9QC

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  PO-240722THP.jar
- Size
  
  400KB
- MD5
  
  4516f3c8f31a3df10b9c5c0295f22d14
- SHA1
  
  5d58d6cee6a3c84438f379ed618a9d76ba75cfa0
- SHA256
  
  e867fceff6c94157508b6b4f779e5d1ba1e624b10b176f4ca4a9d3db8daa1608
- SHA512
  
  e2ed607da7c07bbbc6dea89f44ef3d79e2919b7a9fab5cad38a3c051c4ddcab14e1b8f9510569bfc8783baf4bc79764217566b6252dee83638f9aeb40f93d181
- SSDEEP
  
  12288:2rRKHTm5srLXDZsfv7f35f6zc/BP9iNeD:2duTm5CiTpzP9QC
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan