strrat | 7058923f62ef66b9a9d589dae9d1d581f5c692c4a38511e1820587a730576f65 | Triage

Sharing

General

Target

T506-21120.jar
Size

270KB
Sample

250211-neyekawmfp
MD5

f969ddb9e0f63e8e301ff51bd854a40d
SHA1

8eb8088e24722f0eb6b515733cc3c757f48f1dbf
SHA256

7058923f62ef66b9a9d589dae9d1d581f5c692c4a38511e1820587a730576f65
SHA512

7ae1f15866464c09f09ff8fc766f97f5967a10f2d4f8d4f44e74d575a7cb87ed4a36bde1e3cf5cc82d180d3ad67f26d0c5012aeb8650f7ca1cf2b3418ebe38fe
SSDEEP

6144:K6TBRThvD+WkVJjUQ3utyExz1Ay2K7wkCadVc:7RThb+WkVJxWxz111lC

Score

10^/10

strrat discovery persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

176.65.139.53:2006

127.0.0.1:2006

Attributes

license_id
0801-GRBL-SUN9-LG8M-2C9C
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  T506-21120.jar
- Size
  
  270KB
- MD5
  
  f969ddb9e0f63e8e301ff51bd854a40d
- SHA1
  
  8eb8088e24722f0eb6b515733cc3c757f48f1dbf
- SHA256
  
  7058923f62ef66b9a9d589dae9d1d581f5c692c4a38511e1820587a730576f65
- SHA512
  
  7ae1f15866464c09f09ff8fc766f97f5967a10f2d4f8d4f44e74d575a7cb87ed4a36bde1e3cf5cc82d180d3ad67f26d0c5012aeb8650f7ca1cf2b3418ebe38fe
- SSDEEP
  
  6144:K6TBRThvD+WkVJjUQ3utyExz1Ay2K7wkCadVc:7RThb+WkVJxWxz111lC
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Strrat family
  strrat
- Downloads MZ/PE file
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan