strrat | 51e912dd2285ec623b00678344a6b3ba933e244938fd1470a03d536cbff66a38 | Triage

Sharing

General

Target

461d7bbff67fa45958735a68976e83143b072eb35f2275086e99212d8fd165cb.zip
Size

454KB
Sample

241004-sylbkasank
MD5

f9143fb2b67492af0ea1020bcf7a019e
SHA1

dde2293d2f155210caedeeee321463d541d884a1
SHA256

51e912dd2285ec623b00678344a6b3ba933e244938fd1470a03d536cbff66a38
SHA512

f9f918abe5b58e13e04b07b83185dda672dda9b9097902311dc00b8de15f3b1b86d584068c2e7405040e8da3d757309761137ec35557edf32e34312d66b39f40
SSDEEP

12288:1XR+LRKYJLu4UsjfrT7y9E8oNw6mYGjrQayhyHwA:1XR+LRKuq6XT4D6wjrEUQA

Score

10^/10

strrat discovery persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

93.185.156.124:1912

127.0.0.1:1912

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  461d7bbff67fa45958735a68976e83143b072eb35f2275086e99212d8fd165cb.exe
- Size
  
  480KB
- MD5
  
  aac338140e178a3cac423d3454cc7467
- SHA1
  
  a9c195e15b4109d4ece1309fb4e3b3bd77145421
- SHA256
  
  461d7bbff67fa45958735a68976e83143b072eb35f2275086e99212d8fd165cb
- SHA512
  
  a96b2c8c985feccbc385a8ba1e7583be6913db7da15244b136c203f7ca320a03727425f3927c21157eae0c4da3fbbdd8fb71373655c6824544296ec66df834f2
- SSDEEP
  
  12288:PkQNy5kuH2lZ6r4os6WQMiyvtJMDiXxJfrJyru:XvuHTr4J7Qw1JJXxJ0ru
Score

10^/10

strrat discovery stealer trojan persistence
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratdiscoverystealertrojan

behavioral2

strratdiscoverypersistencestealertrojan