strrat | e95b00e2410e59526ac95bcd640eb1a8a2e9da7489d9db146d7bc2fe8742b3cf | Triage

Sharing

General

Target

e95b00e2410e59526ac95bcd640eb1a8a2e9da7489d9db146d7bc2fe8742b3cf.js
Size

240KB
Sample

241121-kpbf1azemg
MD5

ee561cb65c1c091022c0fc74326ed6e1
SHA1

0c7451bdeaf769da591e070537472d2514f138eb
SHA256

e95b00e2410e59526ac95bcd640eb1a8a2e9da7489d9db146d7bc2fe8742b3cf
SHA512

d349da1e356830d3109262f683f0d7b27da98ad56bd07ad43849fc712cd8c1985e23b5639a07fbe9717a70736844cd8df20b7411985ebbb43f397c1700585d38
SSDEEP

6144:eQLk79lpKjq/aJYrMfy7wJfVm642LbIXSBFfAfx1:1LwAz6kFueIXCIfP

Score

10^/10

strrat execution persistence stealer trojan

Malware Config

Targets

- Target
  
  e95b00e2410e59526ac95bcd640eb1a8a2e9da7489d9db146d7bc2fe8742b3cf.js
- Size
  
  240KB
- MD5
  
  ee561cb65c1c091022c0fc74326ed6e1
- SHA1
  
  0c7451bdeaf769da591e070537472d2514f138eb
- SHA256
  
  e95b00e2410e59526ac95bcd640eb1a8a2e9da7489d9db146d7bc2fe8742b3cf
- SHA512
  
  d349da1e356830d3109262f683f0d7b27da98ad56bd07ad43849fc712cd8c1985e23b5639a07fbe9717a70736844cd8df20b7411985ebbb43f397c1700585d38
- SSDEEP
  
  6144:eQLk79lpKjq/aJYrMfy7wJfVm642LbIXSBFfAfx1:1LwAz6kFueIXCIfP
Score

10^/10

execution strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Strrat family
  strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratexecutionpersistencestealertrojan