strrat | fe02be2dc318367898f962aa9c3415ff96d95526aa6f6efd72764a732f3b745c | Triage

Resubmissions

10-02-2025 06:12

250210-gyapaasnam 10

10-02-2025 02:31

250210-czrxqsyncp 10

Sharing

General

Target

TT Payment.jar
Size

267KB
Sample

250210-gyapaasnam
MD5

b4bc577b9b011c29d04f7e3797f5b4c0
SHA1

dd5f810d906cd61a8ec78c28841a121fbaa88d6f
SHA256

fe02be2dc318367898f962aa9c3415ff96d95526aa6f6efd72764a732f3b745c
SHA512

12eba3aacb580eaf11dc9a9aec39ad5e926d053fc8e6fb6871153e22bfb2627628a64f3e931855ff772e63bb152862b7c59292345489085068e8e5c3263ecfa4
SSDEEP

3072:fIMXATbZOaBKsPUVx4lboHQMg5CBklnIVSPxk/ISc6iTpoP6vBum4ggH9AoGa+:gAATbZiDPPqlISPW/IlFg6ZuZ+a+

Score

10^/10

strrat discovery persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

195.211.190.213:1663

Attributes

license_id
WYAA-QBJT-QQ16-FF21-N4O2
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  TT Payment.jar
- Size
  
  267KB
- MD5
  
  b4bc577b9b011c29d04f7e3797f5b4c0
- SHA1
  
  dd5f810d906cd61a8ec78c28841a121fbaa88d6f
- SHA256
  
  fe02be2dc318367898f962aa9c3415ff96d95526aa6f6efd72764a732f3b745c
- SHA512
  
  12eba3aacb580eaf11dc9a9aec39ad5e926d053fc8e6fb6871153e22bfb2627628a64f3e931855ff772e63bb152862b7c59292345489085068e8e5c3263ecfa4
- SSDEEP
  
  3072:fIMXATbZOaBKsPUVx4lboHQMg5CBklnIVSPxk/ISc6iTpoP6vBum4ggH9AoGa+:gAATbZiDPPqlISPW/IlFg6ZuZ+a+
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Strrat family
  strrat
- Downloads MZ/PE file
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strratdiscoverypersistencestealertrojan