strrat | ea0d1df8f246470f17fde59c5ed6e866a813b07890de8dcd9932909a3825857e | Triage

Sharing

General

Target

ef3f13667597ce1b7ba2e2d966918609_JaffaCakes118
Size

183KB
Sample

240921-heaqlszapr
MD5

ef3f13667597ce1b7ba2e2d966918609
SHA1

c4b9b27739149475dd718813e3bc05b68af2f11f
SHA256

ea0d1df8f246470f17fde59c5ed6e866a813b07890de8dcd9932909a3825857e
SHA512

85018f8fb24e0793e39b8b9c872fb04dd792aa057a7af0146095d5dc17fa3e2181d4edcd067314b3b271870186edcbe6f39de0640d9b97b54629f377268d900d
SSDEEP

3072:KK9pI8Ly5wq/sp6lOAbftWRLXkXme/IMh+LnVqUfaBoslG4RB7hVARDdjae5N5P:KKXZLy5z/rlOAbCbk2noUfaoSGeyN5P

Score

10^/10

strrat execution persistence stealer trojan

Malware Config

Targets

- Target
  
  ef3f13667597ce1b7ba2e2d966918609_JaffaCakes118
- Size
  
  183KB
- MD5
  
  ef3f13667597ce1b7ba2e2d966918609
- SHA1
  
  c4b9b27739149475dd718813e3bc05b68af2f11f
- SHA256
  
  ea0d1df8f246470f17fde59c5ed6e866a813b07890de8dcd9932909a3825857e
- SHA512
  
  85018f8fb24e0793e39b8b9c872fb04dd792aa057a7af0146095d5dc17fa3e2181d4edcd067314b3b271870186edcbe6f39de0640d9b97b54629f377268d900d
- SSDEEP
  
  3072:KK9pI8Ly5wq/sp6lOAbftWRLXkXme/IMh+LnVqUfaBoslG4RB7hVARDdjae5N5P:KKXZLy5z/rlOAbCbk2noUfaoSGeyN5P
Score

10^/10

execution strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratexecutionpersistencestealertrojan