strrat | aa32cd6ebf65a0a27f1c0acb9958cc7557db7f2d32da89d288ca60d77f8dc66c | Triage

Sharing

General

Target

Proof Of Payment.js
Size

210KB
Sample

240925-sjgd3avgld
MD5

998f56502dcef7e0f79005a15b347369
SHA1

9e95598310cbdc5539dfd87f9aa535ac45453082
SHA256

aa32cd6ebf65a0a27f1c0acb9958cc7557db7f2d32da89d288ca60d77f8dc66c
SHA512

f24afdc911f4a9c20acda4b875922ed03b467166e9448fc0559f80b142390e3dfbd552e44500a30fbbe9654a0530e489a177d67c507171e239cf00e1c230d747
SSDEEP

6144:HQGpYsLdKl0dTvG7ma45y36H+DvTsnLJ+DwNa:w+nFYYLBg

Score

10^/10

strrat execution stealer trojan

Malware Config

Targets

- Target
  
  Proof Of Payment.js
- Size
  
  210KB
- MD5
  
  998f56502dcef7e0f79005a15b347369
- SHA1
  
  9e95598310cbdc5539dfd87f9aa535ac45453082
- SHA256
  
  aa32cd6ebf65a0a27f1c0acb9958cc7557db7f2d32da89d288ca60d77f8dc66c
- SHA512
  
  f24afdc911f4a9c20acda4b875922ed03b467166e9448fc0559f80b142390e3dfbd552e44500a30fbbe9654a0530e489a177d67c507171e239cf00e1c230d747
- SSDEEP
  
  6144:HQGpYsLdKl0dTvG7ma45y36H+DvTsnLJ+DwNa:w+nFYYLBg
Score

10^/10

execution strrat stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratexecutionstealertrojan