strrat | 967bc4076a447dfd7f1bbd07c25ed555f6e831cc5ee6111a61563863b58e27d0 | Triage

Sharing

General

Target

967bc4076a447dfd7f1bbd07c25ed555f6e831cc5ee6111a61563863b58e27d0.js
Size

199KB
Sample

250215-egalvatqbq
MD5

d730a8e5aa754e3ead0177d8e382077b
SHA1

f49626e9fc39f17f096d601b65c0e231c42f4cf5
SHA256

967bc4076a447dfd7f1bbd07c25ed555f6e831cc5ee6111a61563863b58e27d0
SHA512

cc913d5b0b9e30aa9ed4a25d3a429c19cf36d0fc1dda0342915098cd39cb1e06a05fd408a7165029c510ff500cea6f7befc4baf6e1e44d2ed2048d9786f4df68
SSDEEP

3072:eQa4mxi9huKa5yaDGx6FCIDl4xMSzGOn+isW/3B6HVHPsZw4:eQa4mx2M5IxsjBivGOn+iRoi

Score

10^/10

strrat discovery execution persistence stealer trojan

Malware Config

Targets

- Target
  
  967bc4076a447dfd7f1bbd07c25ed555f6e831cc5ee6111a61563863b58e27d0.js
- Size
  
  199KB
- MD5
  
  d730a8e5aa754e3ead0177d8e382077b
- SHA1
  
  f49626e9fc39f17f096d601b65c0e231c42f4cf5
- SHA256
  
  967bc4076a447dfd7f1bbd07c25ed555f6e831cc5ee6111a61563863b58e27d0
- SHA512
  
  cc913d5b0b9e30aa9ed4a25d3a429c19cf36d0fc1dda0342915098cd39cb1e06a05fd408a7165029c510ff500cea6f7befc4baf6e1e44d2ed2048d9786f4df68
- SSDEEP
  
  3072:eQa4mxi9huKa5yaDGx6FCIDl4xMSzGOn+isW/3B6HVHPsZw4:eQa4mx2M5IxsjBivGOn+iRoi
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Strrat family
  strrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan