strrat | 41e4367d9f5158c26f8e05299b8075765fa72d56fbed3a6ac497ff13d664ecef | Triage

Sharing

General

Target

18022025_1633_18022025_Order_Details.xz
Size

119KB
Sample

250218-t6cj3atngr
MD5

9602eabdcbdda1c6e8c6dfbe593efce4
SHA1

4fa6933c35d92a093559fab37b780525466386e4
SHA256

41e4367d9f5158c26f8e05299b8075765fa72d56fbed3a6ac497ff13d664ecef
SHA512

78d4614b80e2fef45c02b6dc47c06632952b890781f081a44bf7f11568415d32776552f9b849734d8555bf9da4cd9d24e9a062abe11045d8f06f8697dc25dcf6
SSDEEP

1536:/JbCa++jwVyW/ujQZ9VqDuoE+0Fldlb0ehYYkqPp1pJYldpu6cbjpkTi+jkr7mh5:/1C2kffoS+sblbz7aIyu+2fFdlEik3+4

Score

10^/10

strrat execution stealer trojan

Malware Config

Targets

- Target
  
  Order_Details.js
- Size
  
  207KB
- MD5
  
  eeaadaf8c5d945f8a0f0c0fa01c4dfed
- SHA1
  
  ffcb938606180bb21a989cb3f2694805c6de0892
- SHA256
  
  14def6c04f10749ef9f9efce3767d8776a4c40327541a85efad4706a6b496ad1
- SHA512
  
  37e83d74c320f8a5d04cf070abeb6f90b24ddf2dece4b5894f8410bb9dfe1b7bc731ef70f501a2cee881295a45ea75522f9b38b2a81c8dbdaad16b6d66d15a3c
- SSDEEP
  
  6144:eQ+BEXXTRePXM9G29OETHy4zhaV8LAlNnIGURb34c:1cblSOEO4zhWLsn
Score

10^/10

execution strrat stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Strrat family
  strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratexecutionstealertrojan