strrat | f0699de74b6274011f91036c3daafc4aae3e49e2210be14ea06a8d478248c151 | Triage

Submit
Reports

Overview

overview

Static

static

1

f0699de74b...51.jar

windows7-x64

1

f0699de74b...51.jar

windows10-2004-x64

Sharing

General

Target

f0699de74b6274011f91036c3daafc4aae3e49e2210be14ea06a8d478248c151.zip
Size

481KB
Sample

240528-b269rsaa7w
MD5

0bd6891d55ba2fc4b16da35243710fc0
SHA1

148901af7e43cd04bfaaa393d1abaf0f91e29f5e
SHA256

f0699de74b6274011f91036c3daafc4aae3e49e2210be14ea06a8d478248c151
SHA512

1ca26438fd51937b1091883198309518984eb4f1bdc3de3fbaca1ac5d63b2c31a5ab79f3d901d9e2a0e90739ab2b144f74770be4daaf7b73845b4d6fb3016078
SSDEEP

12288:ublFMKeQSPEXjwVfgFJRb5hokCl24Lpty4qKcV:uxFMlwofcpKjy4S

Score

10^/10

strrat collection discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f0699de74b6274011f91036c3daafc4aae3e49e2210be14ea06a8d478248c151.jar

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

f0699de74b6274011f91036c3daafc4aae3e49e2210be14ea06a8d478248c151.jar

Resource

win10v2004-20240508-en

strrat collection discovery persistence stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  f0699de74b6274011f91036c3daafc4aae3e49e2210be14ea06a8d478248c151.zip
- Size
  
  481KB
- MD5
  
  0bd6891d55ba2fc4b16da35243710fc0
- SHA1
  
  148901af7e43cd04bfaaa393d1abaf0f91e29f5e
- SHA256
  
  f0699de74b6274011f91036c3daafc4aae3e49e2210be14ea06a8d478248c151
- SHA512
  
  1ca26438fd51937b1091883198309518984eb4f1bdc3de3fbaca1ac5d63b2c31a5ab79f3d901d9e2a0e90739ab2b144f74770be4daaf7b73845b4d6fb3016078
- SSDEEP
  
  12288:ublFMKeQSPEXjwVfgFJRb5hokCl24Lpty4qKcV:uxFMlwofcpKjy4S
Score

10^/10

strrat collection discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratcollectiondiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy