strrat | 577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar
Size

269KB
MD5

829d44fb0c9719389cc4a191713e2a8b
SHA1

261eeaf23d8aadcdbb460eb78b6d37128b948762
SHA256

577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a
SHA512

f2879605b296203b5d852a5f75705a25d8577a788981a5353f7ae45d1eb58773462413893be7ca1a5bb2cdf95a966591e849d8146e388a8cb9cb512bd09ca330
SSDEEP

3072:UN8T+EmCfoDab3nBKuUILo4pnl6nGJ8Op6weJ1C6bO3DMAuHNJjiKgPnq5:UCiEmCgDat0KnEne8UW1wzMAmuK3

Score

10^/10

strrat stealer trojan

Malware Config

Extracted

Family

strrat

lozado.duia.ro:9553

pingyoung.duckdns.org:9553

Attributes

license_id
MB4Q-SLG2-7HDN-EM52-K3JL
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
false
secondary_startup
true
startup
false

Signatures

STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
trojan stealer strrat

Drops startup file 1 IoCs

Processes:

java.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar	java.exe

Loads dropped DLL 1 IoCs

Processes:

java.exe

pid	Process
736	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

java.exejava.exe

description	pid	Process	procid_target
PID 1192 wrote to memory of 688	1192	java.exe	95
PID 1192 wrote to memory of 688	1192	java.exe	95
PID 688 wrote to memory of 736	688	java.exe	97
PID 688 wrote to memory of 736	688	java.exe	97

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar"
  2⤵
  - Drops startup file
  - Suspicious use of WriteProcessMemory
  PID:688
- - C:\Program Files\Java\jre-1.8\bin\java.exe
    "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar"
    3⤵
    - Loads dropped DLL
    PID:736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
1e0f743c1c2d9c5b37e95b6a406499df

SHA1
8a5d0a6895321bc8a62c0d8febe1779a8da36c68

SHA256
542d391c418b33c7039156be48e497feedc28c101b4fb14354b33a5a77ef6964

SHA512
e110376d286fe9a97c1d27da1593655dfd6ea5e9750fdfc17140a00393999d7af5e0395af67dec9914e5cb2c8bdbd2187fd443bc6236c28469001545a114164b

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar

Filesize
269KB

MD5
829d44fb0c9719389cc4a191713e2a8b

SHA1
261eeaf23d8aadcdbb460eb78b6d37128b948762

SHA256
577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a

SHA512
f2879605b296203b5d852a5f75705a25d8577a788981a5353f7ae45d1eb58773462413893be7ca1a5bb2cdf95a966591e849d8146e388a8cb9cb512bd09ca330

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna6951243448024926388.dll

Filesize
241KB

MD5
e02979ecd43bcc9061eb2b494ab5af50

SHA1
3122ac0e751660f646c73b10c4f79685aa65c545

SHA256
a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a

SHA512
1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1194130065-3471212556-1656947724-1000\83aa4cc77f591dfc2374580bbd95f6ba_a53bb4ca-6113-48bb-9609-441860fdd0d7

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\lib\jna-5.5.0.jar

Filesize
1.4MB

MD5
acfb5b5fd9ee10bf69497792fd469f85

SHA1
0e0845217c4907822403912ad6828d8e0b256208

SHA256
b308faebfe4ed409de8410e0a632d164b2126b035f6eacff968d3908cafb4d9e

SHA512
e52575f58a195ceb3bd16b9740eadf5bc5b1d4d63c0734e8e5fd1d1776aa2d068d2e4c7173b83803f95f72c0a6759ae1c9b65773c734250d4cfcdf47a19f82aa

Download Submit
C:\Users\Admin\lib\jna-platform-5.5.0.jar

Filesize
2.6MB

MD5
2f4a99c2758e72ee2b59a73586a2322f

SHA1
af38e7c4d0fc73c23ecd785443705bfdee5b90bf

SHA256
24d81621f82ac29fcdd9a74116031f5907a2343158e616f4573bbfa2434ae0d5

SHA512
b860459a0d3bf7ccb600a03aa1d2ac0358619ee89b2b96ed723541e182b6fdab53aefef7992acb4e03fca67aa47cbe3907b1e6060a60b57ed96c4e00c35c7494

Download Submit
C:\Users\Admin\lib\sqlite-jdbc-3.14.2.1.jar

Filesize
4.1MB

MD5
b33387e15ab150a7bf560abdc73c3bec

SHA1
66b8075784131f578ef893fd7674273f709b9a4c

SHA256
2eae3dea1c3dde6104c49f9601074b6038ff6abcf3be23f4b56f6720a4f6a491

SHA512
25cfb0d6ce35d0bcb18527d3aa12c63ecb2d9c1b8b78805d1306e516c13480b79bb0d74730aa93bd1752f9ac2da9fdd51781c48844cea2fd52a06c62852c8279

Download Submit
C:\Users\Admin\lib\system-hook-3.5.jar

Filesize
772KB

MD5
e1aa38a1e78a76a6de73efae136cdb3a

SHA1
c463da71871f780b2e2e5dba115d43953b537daf

SHA256
2ddda8af6faef8bde46acf43ec546603180bcf8dcb2e5591fff8ac9cd30b5609

SHA512
fee16fe9364926ec337e52f551fd62ed81984808a847de2fd68ff29b6c5da0dcc04ef6d8977f0fe675662a7d2ea1065cdcdd2a5259446226a7c7c5516bd7d60d

Download Submit
memory/688-212-0x000001801A3B0000-0x000001801A3B1000-memory.dmp

Filesize
4KB

Download
memory/736-269-0x0000019DA6BB0000-0x0000019DA6BB1000-memory.dmp

Filesize
4KB

Download
memory/1192-103-0x00000221B1620000-0x00000221B1630000-memory.dmp

Filesize
64KB

Download
memory/1192-36-0x00000221B15A0000-0x00000221B15B0000-memory.dmp

Filesize
64KB

Download
memory/1192-26-0x00000221B1570000-0x00000221B1580000-memory.dmp

Filesize
64KB

Download
memory/1192-28-0x00000221B1590000-0x00000221B15A0000-memory.dmp

Filesize
64KB

Download
memory/1192-35-0x00000221B12A0000-0x00000221B1510000-memory.dmp

Filesize
2.4MB

Download
memory/1192-38-0x00000221B15B0000-0x00000221B15C0000-memory.dmp

Filesize
64KB

Download
memory/1192-37-0x00000221B1510000-0x00000221B1520000-memory.dmp

Filesize
64KB

Download
memory/1192-110-0x00000221B1640000-0x00000221B1650000-memory.dmp

Filesize
64KB

Download
memory/1192-40-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-42-0x00000221B15C0000-0x00000221B15D0000-memory.dmp

Filesize
64KB

Download
memory/1192-41-0x00000221B1520000-0x00000221B1530000-memory.dmp

Filesize
64KB

Download
memory/1192-52-0x00000221B15F0000-0x00000221B1600000-memory.dmp

Filesize
64KB

Download
memory/1192-53-0x00000221B1560000-0x00000221B1570000-memory.dmp

Filesize
64KB

Download
memory/1192-51-0x00000221B15E0000-0x00000221B15F0000-memory.dmp

Filesize
64KB

Download
memory/1192-50-0x00000221B1550000-0x00000221B1560000-memory.dmp

Filesize
64KB

Download
memory/1192-49-0x00000221B1540000-0x00000221B1550000-memory.dmp

Filesize
64KB

Download
memory/1192-45-0x00000221B15D0000-0x00000221B15E0000-memory.dmp

Filesize
64KB

Download
memory/1192-44-0x00000221B1530000-0x00000221B1540000-memory.dmp

Filesize
64KB

Download
memory/1192-54-0x00000221B1600000-0x00000221B1610000-memory.dmp

Filesize
64KB

Download
memory/1192-59-0x00000221B1610000-0x00000221B1620000-memory.dmp

Filesize
64KB

Download
memory/1192-58-0x00000221B1580000-0x00000221B1590000-memory.dmp

Filesize
64KB

Download
memory/1192-57-0x00000221B1570000-0x00000221B1580000-memory.dmp

Filesize
64KB

Download
memory/1192-62-0x00000221B1620000-0x00000221B1630000-memory.dmp

Filesize
64KB

Download
memory/1192-63-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-66-0x00000221B15A0000-0x00000221B15B0000-memory.dmp

Filesize
64KB

Download
memory/1192-67-0x00000221B1630000-0x00000221B1640000-memory.dmp

Filesize
64KB

Download
memory/1192-65-0x00000221B1590000-0x00000221B15A0000-memory.dmp

Filesize
64KB

Download
memory/1192-71-0x00000221B1640000-0x00000221B1650000-memory.dmp

Filesize
64KB

Download
memory/1192-74-0x00000221B1650000-0x00000221B1660000-memory.dmp

Filesize
64KB

Download
memory/1192-73-0x00000221B15B0000-0x00000221B15C0000-memory.dmp

Filesize
64KB

Download
memory/1192-82-0x00000221B15D0000-0x00000221B15E0000-memory.dmp

Filesize
64KB

Download
memory/1192-81-0x00000221B1680000-0x00000221B1690000-memory.dmp

Filesize
64KB

Download
memory/1192-80-0x00000221B1670000-0x00000221B1680000-memory.dmp

Filesize
64KB

Download
memory/1192-79-0x00000221B1660000-0x00000221B1670000-memory.dmp

Filesize
64KB

Download
memory/1192-78-0x00000221B15C0000-0x00000221B15D0000-memory.dmp

Filesize
64KB

Download
memory/1192-86-0x00000221B15E0000-0x00000221B15F0000-memory.dmp

Filesize
64KB

Download
memory/1192-90-0x00000221B16B0000-0x00000221B16C0000-memory.dmp

Filesize
64KB

Download
memory/1192-89-0x00000221B16A0000-0x00000221B16B0000-memory.dmp

Filesize
64KB

Download
memory/1192-88-0x00000221B1690000-0x00000221B16A0000-memory.dmp

Filesize
64KB

Download
memory/1192-87-0x00000221B15F0000-0x00000221B1600000-memory.dmp

Filesize
64KB

Download
memory/1192-98-0x00000221B16C0000-0x00000221B16D0000-memory.dmp

Filesize
64KB

Download
memory/1192-96-0x00000221B1600000-0x00000221B1610000-memory.dmp

Filesize
64KB

Download
memory/1192-97-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-101-0x00000221B16D0000-0x00000221B16E0000-memory.dmp

Filesize
64KB

Download
memory/1192-100-0x00000221B1610000-0x00000221B1620000-memory.dmp

Filesize
64KB

Download
memory/1192-23-0x00000221B1560000-0x00000221B1570000-memory.dmp

Filesize
64KB

Download
memory/1192-104-0x00000221B16E0000-0x00000221B16F0000-memory.dmp

Filesize
64KB

Download
memory/1192-105-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-113-0x00000221B1650000-0x00000221B1660000-memory.dmp

Filesize
64KB

Download
memory/1192-108-0x00000221B16F0000-0x00000221B1700000-memory.dmp

Filesize
64KB

Download
memory/1192-138-0x00000221B1750000-0x00000221B1760000-memory.dmp

Filesize
64KB

Download
memory/1192-27-0x00000221B1580000-0x00000221B1590000-memory.dmp

Filesize
64KB

Download
memory/1192-107-0x00000221B1630000-0x00000221B1640000-memory.dmp

Filesize
64KB

Download
memory/1192-114-0x00000221B1710000-0x00000221B1720000-memory.dmp

Filesize
64KB

Download
memory/1192-119-0x00000221B1720000-0x00000221B1730000-memory.dmp

Filesize
64KB

Download
memory/1192-118-0x00000221B1670000-0x00000221B1680000-memory.dmp

Filesize
64KB

Download
memory/1192-117-0x00000221B1660000-0x00000221B1670000-memory.dmp

Filesize
64KB

Download
memory/1192-121-0x00000221B1680000-0x00000221B1690000-memory.dmp

Filesize
64KB

Download
memory/1192-122-0x00000221B1730000-0x00000221B1740000-memory.dmp

Filesize
64KB

Download
memory/1192-124-0x00000221B1690000-0x00000221B16A0000-memory.dmp

Filesize
64KB

Download
memory/1192-127-0x00000221B1740000-0x00000221B1750000-memory.dmp

Filesize
64KB

Download
memory/1192-126-0x00000221B16B0000-0x00000221B16C0000-memory.dmp

Filesize
64KB

Download
memory/1192-125-0x00000221B16A0000-0x00000221B16B0000-memory.dmp

Filesize
64KB

Download
memory/1192-129-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-132-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-137-0x00000221B16C0000-0x00000221B16D0000-memory.dmp

Filesize
64KB

Download
memory/1192-111-0x00000221B1700000-0x00000221B1710000-memory.dmp

Filesize
64KB

Download
memory/1192-139-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-142-0x00000221B16D0000-0x00000221B16E0000-memory.dmp

Filesize
64KB

Download
memory/1192-143-0x00000221B16E0000-0x00000221B16F0000-memory.dmp

Filesize
64KB

Download
memory/1192-146-0x00000221B16F0000-0x00000221B1700000-memory.dmp

Filesize
64KB

Download
memory/1192-147-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-150-0x00000221B1700000-0x00000221B1710000-memory.dmp

Filesize
64KB

Download
memory/1192-151-0x00000221B1710000-0x00000221B1720000-memory.dmp

Filesize
64KB

Download
memory/1192-152-0x00000221B1720000-0x00000221B1730000-memory.dmp

Filesize
64KB

Download
memory/1192-178-0x00000221B16A0000-0x00000221B16B0000-memory.dmp

Filesize
64KB

Download
memory/1192-177-0x00000221B1690000-0x00000221B16A0000-memory.dmp

Filesize
64KB

Download
memory/1192-176-0x00000221B15C0000-0x00000221B15D0000-memory.dmp

Filesize
64KB

Download
memory/1192-175-0x00000221B1640000-0x00000221B1650000-memory.dmp

Filesize
64KB

Download
memory/1192-174-0x00000221B1630000-0x00000221B1640000-memory.dmp

Filesize
64KB

Download
memory/1192-173-0x00000221B1620000-0x00000221B1630000-memory.dmp

Filesize
64KB

Download
memory/1192-172-0x00000221B1610000-0x00000221B1620000-memory.dmp

Filesize
64KB

Download
memory/1192-171-0x00000221B1600000-0x00000221B1610000-memory.dmp

Filesize
64KB

Download
memory/1192-170-0x00000221B15F0000-0x00000221B1600000-memory.dmp

Filesize
64KB

Download
memory/1192-169-0x00000221B15E0000-0x00000221B15F0000-memory.dmp

Filesize
64KB

Download
memory/1192-168-0x00000221B15D0000-0x00000221B15E0000-memory.dmp

Filesize
64KB

Download
memory/1192-167-0x00000221B15A0000-0x00000221B15B0000-memory.dmp

Filesize
64KB

Download
memory/1192-166-0x00000221B15B0000-0x00000221B15C0000-memory.dmp

Filesize
64KB

Download
memory/1192-165-0x00000221B1590000-0x00000221B15A0000-memory.dmp

Filesize
64KB

Download
memory/1192-164-0x00000221B1580000-0x00000221B1590000-memory.dmp

Filesize
64KB

Download
memory/1192-163-0x00000221B1570000-0x00000221B1580000-memory.dmp

Filesize
64KB

Download
memory/1192-162-0x00000221B1560000-0x00000221B1570000-memory.dmp

Filesize
64KB

Download
memory/1192-161-0x00000221B1550000-0x00000221B1560000-memory.dmp

Filesize
64KB

Download
memory/1192-160-0x00000221B1540000-0x00000221B1550000-memory.dmp

Filesize
64KB

Download
memory/1192-20-0x00000221B1540000-0x00000221B1550000-memory.dmp

Filesize
64KB

Download
memory/1192-21-0x00000221B1550000-0x00000221B1560000-memory.dmp

Filesize
64KB

Download
memory/1192-16-0x00000221B1530000-0x00000221B1540000-memory.dmp

Filesize
64KB

Download
memory/1192-14-0x00000221B1520000-0x00000221B1530000-memory.dmp

Filesize
64KB

Download
memory/1192-12-0x00000221B1510000-0x00000221B1520000-memory.dmp

Filesize
64KB

Download
memory/1192-2-0x00000221B12A0000-0x00000221B1510000-memory.dmp

Filesize
2.4MB

Download
memory/1192-159-0x00000221B1530000-0x00000221B1540000-memory.dmp

Filesize
64KB

Download
memory/1192-158-0x00000221B1520000-0x00000221B1530000-memory.dmp

Filesize
64KB

Download
memory/1192-157-0x00000221B1510000-0x00000221B1520000-memory.dmp

Filesize
64KB

Download
memory/1192-156-0x00000221B12A0000-0x00000221B1510000-memory.dmp

Filesize
2.4MB

Download