strrat | 6ade8c681e3c0944c7f1f64c8a1407d7eb0b04e5e5e6e35baa5b895050985500 | Triage

Sharing

General

Target

QUOTATION.js
Size

208KB
Sample

250206-mfxzraska1
MD5

0491747d49bf841f68caca6b6d8b281d
SHA1

146076c41c3f9d53e86d4b30ddf910f466a1e06b
SHA256

6ade8c681e3c0944c7f1f64c8a1407d7eb0b04e5e5e6e35baa5b895050985500
SHA512

ca67e695f47573b93202f58a6bbeb28d6cea2472e1a5375a30a73019712bdee6643d03af4ba2d041e3da1df4b6ad8c4c6dd4fd4f00d46341ce0297695f70a7a1
SSDEEP

3072:eQ+mWSwjR4eq94l5hssxc0geXqukz37Y8knV+YT4t5XDRzj+Ckm7ZUZ3xx:eQlFwlm4lLv60DXpK7PiVb4tbj+CHi3v

Score

10^/10

strrat execution persistence stealer trojan

Malware Config

Targets

- Target
  
  QUOTATION.js
- Size
  
  208KB
- MD5
  
  0491747d49bf841f68caca6b6d8b281d
- SHA1
  
  146076c41c3f9d53e86d4b30ddf910f466a1e06b
- SHA256
  
  6ade8c681e3c0944c7f1f64c8a1407d7eb0b04e5e5e6e35baa5b895050985500
- SHA512
  
  ca67e695f47573b93202f58a6bbeb28d6cea2472e1a5375a30a73019712bdee6643d03af4ba2d041e3da1df4b6ad8c4c6dd4fd4f00d46341ce0297695f70a7a1
- SSDEEP
  
  3072:eQ+mWSwjR4eq94l5hssxc0geXqukz37Y8knV+YT4t5XDRzj+Ckm7ZUZ3xx:eQlFwlm4lLv60DXpK7PiVb4tbj+CHi3v
Score

10^/10

execution strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Strrat family
  strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratexecutionpersistencestealertrojan