strrat | ac6bd2a094d908276dfcbc917b3d372d489cd4b9b7e38d364e74b0f8ebd9aec3 | Triage

Sharing

General

Target

ac6bd2a094d908276dfcbc917b3d372d489cd4b9b7e38d364e74b0f8ebd9aec3
Size

198KB
Sample

250207-efcd2sxpdt
MD5

75ea1986c379d1a59b644553c595c149
SHA1

7ab180367e2c9e0ed58f9f3dd98c82873e6f4096
SHA256

ac6bd2a094d908276dfcbc917b3d372d489cd4b9b7e38d364e74b0f8ebd9aec3
SHA512

424d2f449875eec6f18632023e4f2e29faaa6610f5505a206ef2eb0a8cabb23cf3f6750e00c1b22f41381615ba27fd0e9180b25a337967e30318f12d4ea4027e
SSDEEP

3072:3EythV88HXV0aq4fKjV/36niZUuAVPQSBfQWynGwV6lsG1da+ZXJCUkXA1:3EEhV88lrKMiuu6BlyGGss4dvXMfXA1

Score

10^/10

strrat persistence

Malware Config

Extracted

Family

strrat

C2

indrupauloakuu01.ddnsking.com:4897

indrloakuu01.ddnsking.com:4985

Attributes

license_id
17SH-99EQ-GWIE-XC0R-AXNZ
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
false
secondary_startup
true
startup
true

Targets

- Target
  
  ac6bd2a094d908276dfcbc917b3d372d489cd4b9b7e38d364e74b0f8ebd9aec3
- Size
  
  198KB
- MD5
  
  75ea1986c379d1a59b644553c595c149
- SHA1
  
  7ab180367e2c9e0ed58f9f3dd98c82873e6f4096
- SHA256
  
  ac6bd2a094d908276dfcbc917b3d372d489cd4b9b7e38d364e74b0f8ebd9aec3
- SHA512
  
  424d2f449875eec6f18632023e4f2e29faaa6610f5505a206ef2eb0a8cabb23cf3f6750e00c1b22f41381615ba27fd0e9180b25a337967e30318f12d4ea4027e
- SSDEEP
  
  3072:3EythV88HXV0aq4fKjV/36niZUuAVPQSBfQWynGwV6lsG1da+ZXJCUkXA1:3EEhV88lrKMiuu6BlyGGss4dvXMfXA1
Score

7^/10

persistence
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2