strrat | 2799f78dd51fce411e566d428cd2f26bb752370f1be1fb2f4ffbc23ae1fd6504 | Triage

Sharing

General

Target

c4a38d07773d619f73abad13ed74286f_JaffaCakes118
Size

103KB
Sample

240827-j9gcbatarl
MD5

c4a38d07773d619f73abad13ed74286f
SHA1

5199ab6257db0d690b7a08566bf8f032c74a22a8
SHA256

2799f78dd51fce411e566d428cd2f26bb752370f1be1fb2f4ffbc23ae1fd6504
SHA512

b6377eb8c2cacca9912374b4eda3edf3c368d3154c946d4536bc2e94679a4587e601cb3c08a8711106fc9b9c51572a6fba9c68615353fa2869e18de38065f4d5
SSDEEP

3072:W1ugSIpJlEYiuzgd5wfe8/qoYwLJdRjatMFrzq:d2JlEYiZwW8/qqNdRjaitzq

Score

10^/10

strrat persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

194.5.98.239:5059

194.5.97.159:5058

Attributes

license_id
PVW8-WK5J-OZYB-RCGX-ZPVO
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  c4a38d07773d619f73abad13ed74286f_JaffaCakes118
- Size
  
  103KB
- MD5
  
  c4a38d07773d619f73abad13ed74286f
- SHA1
  
  5199ab6257db0d690b7a08566bf8f032c74a22a8
- SHA256
  
  2799f78dd51fce411e566d428cd2f26bb752370f1be1fb2f4ffbc23ae1fd6504
- SHA512
  
  b6377eb8c2cacca9912374b4eda3edf3c368d3154c946d4536bc2e94679a4587e601cb3c08a8711106fc9b9c51572a6fba9c68615353fa2869e18de38065f4d5
- SSDEEP
  
  3072:W1ugSIpJlEYiuzgd5wfe8/qoYwLJdRjatMFrzq:d2JlEYiZwW8/qqNdRjaitzq
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan