strrat | 577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a | Triage

Sharing

General

Target

parcel_label_photo.jar
Size

269KB
Sample

240819-ql8vzszbpj
MD5

829d44fb0c9719389cc4a191713e2a8b
SHA1

261eeaf23d8aadcdbb460eb78b6d37128b948762
SHA256

577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a
SHA512

f2879605b296203b5d852a5f75705a25d8577a788981a5353f7ae45d1eb58773462413893be7ca1a5bb2cdf95a966591e849d8146e388a8cb9cb512bd09ca330
SSDEEP

3072:UN8T+EmCfoDab3nBKuUILo4pnl6nGJ8Op6weJ1C6bO3DMAuHNJjiKgPnq5:UCiEmCgDat0KnEne8UW1wzMAmuK3

Score

10^/10

strrat stealer trojan

Malware Config

Extracted

Family

strrat

C2

lozado.duia.ro:9553

pingyoung.duckdns.org:9553

Attributes

license_id
MB4Q-SLG2-7HDN-EM52-K3JL
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
false
secondary_startup
true
startup
false

Targets

- Target
  
  parcel_label_photo.jar
- Size
  
  269KB
- MD5
  
  829d44fb0c9719389cc4a191713e2a8b
- SHA1
  
  261eeaf23d8aadcdbb460eb78b6d37128b948762
- SHA256
  
  577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a
- SHA512
  
  f2879605b296203b5d852a5f75705a25d8577a788981a5353f7ae45d1eb58773462413893be7ca1a5bb2cdf95a966591e849d8146e388a8cb9cb512bd09ca330
- SSDEEP
  
  3072:UN8T+EmCfoDab3nBKuUILo4pnl6nGJ8Op6weJ1C6bO3DMAuHNJjiKgPnq5:UCiEmCgDat0KnEne8UW1wzMAmuK3
Score

10^/10

strrat stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

strratstealertrojan