strrat | 8f5a17017f6723e7f40f626f10b973c109463e431c77c5d8257150551d3d0137 | Triage

Sharing

General

Target

8f5a17017f6723e7f40f626f10b973c109463e431c77c5d8257150551d3d0137.js
Size

210KB
Sample

241006-bss1satbjh
MD5

545558f7f19d53890a240c10a524b8c6
SHA1

63bfcebbbba94b5dde80814e5e62daee4c176868
SHA256

8f5a17017f6723e7f40f626f10b973c109463e431c77c5d8257150551d3d0137
SHA512

8e8d4448e612984f78a28ccc5b913051817153f388642c9df0b01d44bd36ad0206f8e73e1f248c341f00f0489f9da02959e76a92499d4f88387e464c6d6c8212
SSDEEP

6144:HQxYvW9mwBmrPaig3JeC8Q5UmNdQByQT+ouoN:wtzKFgw2UWw

Score

10^/10

strrat execution persistence stealer trojan

Malware Config

Targets

- Target
  
  8f5a17017f6723e7f40f626f10b973c109463e431c77c5d8257150551d3d0137.js
- Size
  
  210KB
- MD5
  
  545558f7f19d53890a240c10a524b8c6
- SHA1
  
  63bfcebbbba94b5dde80814e5e62daee4c176868
- SHA256
  
  8f5a17017f6723e7f40f626f10b973c109463e431c77c5d8257150551d3d0137
- SHA512
  
  8e8d4448e612984f78a28ccc5b913051817153f388642c9df0b01d44bd36ad0206f8e73e1f248c341f00f0489f9da02959e76a92499d4f88387e464c6d6c8212
- SSDEEP
  
  6144:HQxYvW9mwBmrPaig3JeC8Q5UmNdQByQT+ouoN:wtzKFgw2UWw
Score

10^/10

execution strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratexecutionpersistencestealertrojan