strrat | 04dd324077d3fc3c5d1bf6a7e2692dd9030867efb979309f58944bc0d86be5d9 | Triage

Submit
Reports

Overview

overview

Static

static

STRISTART.jar

windows7-x64

1

STRISTART.jar

windows10-2004-x64

Sharing

General

Target

STRISTART.jar
Size

91KB
Sample

240524-eclhjsbh4x
MD5

ce57eae7c22979b71802ee9acb4bad4f
SHA1

beed9e7131c475286be70ebb2ec893523cfa877c
SHA256

04dd324077d3fc3c5d1bf6a7e2692dd9030867efb979309f58944bc0d86be5d9
SHA512

d166392c9edd5d369b85393daabe8f77f33ecc27fe40b3610a861d74ebad044e20b3b45e39f19b9cb983da4e76f19145e74bc3987f6b4ddedcb5dfc735f4869f
SSDEEP

1536:ZWrAxbeF1Mr45Ldk1PQQ3am3AdnzPPxy0Ic5iqWOX+FnI7zs7G+GQltOw9P4:+EbD4U1P9A5PJy0vcOXxHs73xtz9P4

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

STRISTART.jar

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

STRISTART.jar

Resource

win10v2004-20240508-en

strrat discovery persistence stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

strrat

C2

173.212.199.134:1780

kimboy1.duckdns.org:1788

Attributes

license_id
khonsari
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Targets

- Target
  
  STRISTART.jar
- Size
  
  91KB
- MD5
  
  ce57eae7c22979b71802ee9acb4bad4f
- SHA1
  
  beed9e7131c475286be70ebb2ec893523cfa877c
- SHA256
  
  04dd324077d3fc3c5d1bf6a7e2692dd9030867efb979309f58944bc0d86be5d9
- SHA512
  
  d166392c9edd5d369b85393daabe8f77f33ecc27fe40b3610a861d74ebad044e20b3b45e39f19b9cb983da4e76f19145e74bc3987f6b4ddedcb5dfc735f4869f
- SSDEEP
  
  1536:ZWrAxbeF1Mr45Ldk1PQQ3am3AdnzPPxy0Ic5iqWOX+FnI7zs7G+GQltOw9P4:+EbD4U1P9A5PJy0vcOXxHs73xtz9P4
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy