strrat | 461d7bbff67fa45958735a68976e83143b072eb35f2275086e99212d8fd165cb | Triage

Sharing

General

Target

Product Specification Wire-Mesh RQF 260924.sc.exe
Size

480KB
Sample

240927-frd8fszbnb
MD5

aac338140e178a3cac423d3454cc7467
SHA1

a9c195e15b4109d4ece1309fb4e3b3bd77145421
SHA256

461d7bbff67fa45958735a68976e83143b072eb35f2275086e99212d8fd165cb
SHA512

a96b2c8c985feccbc385a8ba1e7583be6913db7da15244b136c203f7ca320a03727425f3927c21157eae0c4da3fbbdd8fb71373655c6824544296ec66df834f2
SSDEEP

12288:PkQNy5kuH2lZ6r4os6WQMiyvtJMDiXxJfrJyru:XvuHTr4J7Qw1JJXxJ0ru

Score

10^/10

strrat discovery persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

93.185.156.124:1912

127.0.0.1:1912

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  Product Specification Wire-Mesh RQF 260924.sc.exe
- Size
  
  480KB
- MD5
  
  aac338140e178a3cac423d3454cc7467
- SHA1
  
  a9c195e15b4109d4ece1309fb4e3b3bd77145421
- SHA256
  
  461d7bbff67fa45958735a68976e83143b072eb35f2275086e99212d8fd165cb
- SHA512
  
  a96b2c8c985feccbc385a8ba1e7583be6913db7da15244b136c203f7ca320a03727425f3927c21157eae0c4da3fbbdd8fb71373655c6824544296ec66df834f2
- SSDEEP
  
  12288:PkQNy5kuH2lZ6r4os6WQMiyvtJMDiXxJfrJyru:XvuHTr4J7Qw1JJXxJ0ru
Score

10^/10

strrat discovery stealer trojan persistence
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratdiscoverystealertrojan

behavioral2

strratdiscoverypersistencestealertrojan