strrat | 56d4a754c102a6fd1efaa3cf6887360b6c5f6590971c29180e0e851c5aeef1f6 | Triage

Sharing

General

Target

20012025_1543_19012025_Proforma A503.jar
Size

263KB
Sample

250120-s6cdmawraw
MD5

835fdde38be5b121f3b2a56eb368b360
SHA1

336b5bb4ce70453e796dad0c27aa3c195c735fcc
SHA256

56d4a754c102a6fd1efaa3cf6887360b6c5f6590971c29180e0e851c5aeef1f6
SHA512

6413e75745366606ac440ef126d0bcb57ba158b3419e2faa261cbde5071dd4c009496c61560b3badacd0aca1e72140a437ea63dc4c8dbff10ca63bb05e3efcbf
SSDEEP

3072:cuoa3eQ4jnnB/gKjkJVt+fbZudV53lhq2TxZBX4L0vmlWLlHkZtwibQGdf7GSk:RDEd/Bj0+TQd1hbTn54L0vuWOX7MYS

Score

10^/10

strrat persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

www.kposlifestyle.design :1980

127.0.0.1:1980

Attributes

license_id
0801-GRBL-SUN9-LG8M-2C9C
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  20012025_1543_19012025_Proforma A503.jar
- Size
  
  263KB
- MD5
  
  835fdde38be5b121f3b2a56eb368b360
- SHA1
  
  336b5bb4ce70453e796dad0c27aa3c195c735fcc
- SHA256
  
  56d4a754c102a6fd1efaa3cf6887360b6c5f6590971c29180e0e851c5aeef1f6
- SHA512
  
  6413e75745366606ac440ef126d0bcb57ba158b3419e2faa261cbde5071dd4c009496c61560b3badacd0aca1e72140a437ea63dc4c8dbff10ca63bb05e3efcbf
- SSDEEP
  
  3072:cuoa3eQ4jnnB/gKjkJVt+fbZudV53lhq2TxZBX4L0vmlWLlHkZtwibQGdf7GSk:RDEd/Bj0+TQd1hbTn54L0vuWOX7MYS
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Strrat family
  strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan