strrat | 316032ba749aa4cda9f8db6963e9b8b6f10ef6e0a31760d716815cf79828ce55 | Triage

Resubmissions

08-08-2024 14:28

240808-rtgxxaybqg 10

07-08-2024 01:15

240807-bl91qawgjq 10

Sharing

General

Target

316032ba749aa4cda9f8db6963e9b8b6f10ef6e0a31760d716815cf79828ce55.jar
Size

400KB
Sample

240808-rtgxxaybqg
MD5

8352685f41275e213e460ced90c988eb
SHA1

66d7398a756d1829587b795511a6a601b17110b1
SHA256

316032ba749aa4cda9f8db6963e9b8b6f10ef6e0a31760d716815cf79828ce55
SHA512

e70ef25eccce76111dd2c0b7d2bc7f5130963fa65447ec5f596846e3a2cb4b47d45dd007cac2d66d30f32dcd9a18469012cf9a8cf208286d339f0d57f7cec0fb
SSDEEP

12288:eLxmHTG54XfLDZcvv7f3JvyTcftP9iNiW:eNiTG5Gyj5vP9QT

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  316032ba749aa4cda9f8db6963e9b8b6f10ef6e0a31760d716815cf79828ce55.jar
- Size
  
  400KB
- MD5
  
  8352685f41275e213e460ced90c988eb
- SHA1
  
  66d7398a756d1829587b795511a6a601b17110b1
- SHA256
  
  316032ba749aa4cda9f8db6963e9b8b6f10ef6e0a31760d716815cf79828ce55
- SHA512
  
  e70ef25eccce76111dd2c0b7d2bc7f5130963fa65447ec5f596846e3a2cb4b47d45dd007cac2d66d30f32dcd9a18469012cf9a8cf208286d339f0d57f7cec0fb
- SSDEEP
  
  12288:eLxmHTG54XfLDZcvv7f3JvyTcftP9iNiW:eNiTG5Gyj5vP9QT
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan