strrat | e05754709194a77dbb090e99877d0df694b1e86b15afb467a930a5d934a08ac0 | Triage

Sharing

General

Target

Payment.Telex-pdf.jar
Size

410KB
Sample

241014-wme7ysscnj
MD5

090067ccd28dc697d7f84eda16ec894d
SHA1

ffe35109e8e015a0a5c851b2762a3d78be64d4d6
SHA256

e05754709194a77dbb090e99877d0df694b1e86b15afb467a930a5d934a08ac0
SHA512

2069584c2327f294c207c324dbb3e8c0fa7758799423b255ccf9eb311a7821f08071f316767497747b26b8c0d9be051752d92415e04f343be650a673b779b91f
SSDEEP

6144:4N1Ezmx5uv9Acyk2ObLaJaJ+rY7J46/jU5VQVCCQVoDF3pKGIH0Qu8r0Rss6E:4NWmxwlAZBObLaJakr03/jFpKXO8r0L

Score

10^/10

strrat persistence stealer trojan

Malware Config

Targets

- Target
  
  Payment.Telex-pdf.jar
- Size
  
  410KB
- MD5
  
  090067ccd28dc697d7f84eda16ec894d
- SHA1
  
  ffe35109e8e015a0a5c851b2762a3d78be64d4d6
- SHA256
  
  e05754709194a77dbb090e99877d0df694b1e86b15afb467a930a5d934a08ac0
- SHA512
  
  2069584c2327f294c207c324dbb3e8c0fa7758799423b255ccf9eb311a7821f08071f316767497747b26b8c0d9be051752d92415e04f343be650a673b779b91f
- SSDEEP
  
  6144:4N1Ezmx5uv9Acyk2ObLaJaJ+rY7J46/jU5VQVCCQVoDF3pKGIH0Qu8r0Rss6E:4NWmxwlAZBObLaJakr03/jFpKXO8r0L
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan