strrat | 47aa925983db552399e372e67c3b029654e294ae375dee89792c827a86772886 | Triage

Sharing

General

Target

47aa925983db552399e372e67c3b029654e294ae375dee89792c827a86772886
Size

125KB
Sample

250221-3cvyzssndt
MD5

b75f919d6b70a5d0d73d0ecff6b168d8
SHA1

949494a518dc5c198fae3cdc0c7c8ffe0281d69e
SHA256

47aa925983db552399e372e67c3b029654e294ae375dee89792c827a86772886
SHA512

168115b7b9d0381e2db76d77681217a09a1f963a42b9033692ee9f0d68d49c2ab41f3327e9e2476ba81e8e9755e4c26c229af6d647423a0e36f02f436513c8a8
SSDEEP

3072:AjI4BW6kqKjQP1vQejUGXPpEAm9i2dTcdRTv7Lgg:AjrW63IQNVjUGfpEAIi2Kd9nH

Score

10^/10

strrat persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

streelifes.duckdns.org:2022

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  47aa925983db552399e372e67c3b029654e294ae375dee89792c827a86772886
- Size
  
  125KB
- MD5
  
  b75f919d6b70a5d0d73d0ecff6b168d8
- SHA1
  
  949494a518dc5c198fae3cdc0c7c8ffe0281d69e
- SHA256
  
  47aa925983db552399e372e67c3b029654e294ae375dee89792c827a86772886
- SHA512
  
  168115b7b9d0381e2db76d77681217a09a1f963a42b9033692ee9f0d68d49c2ab41f3327e9e2476ba81e8e9755e4c26c229af6d647423a0e36f02f436513c8a8
- SSDEEP
  
  3072:AjI4BW6kqKjQP1vQejUGXPpEAm9i2dTcdRTv7Lgg:AjrW63IQNVjUGfpEAIi2Kd9nH
Score

10^/10

strrat persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Strrat family
  strrat
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

strratpersistencestealertrojan