strrat | bc9a2a405326685130143b230720469ff9e1a294157748f7ccae56faf5d15887 | Triage

Submit
Reports

Overview

overview

Static

static

1

bc9a2a4053...87.jar

windows7-x64

1

bc9a2a4053...87.jar

windows10-2004-x64

Sharing

General

Target

bc9a2a405326685130143b230720469ff9e1a294157748f7ccae56faf5d15887.jar
Size

481KB
Sample

240601-ymactadc5z
MD5

95280ff1d28b3af85b570f55b0d113b8
SHA1

6232e80612b3680de897ac40ba18f3e3ac03e3ff
SHA256

bc9a2a405326685130143b230720469ff9e1a294157748f7ccae56faf5d15887
SHA512

4b9ba1bdd7603aee780de4a98d698ab786177d2acc5c13667181a7846f09f1953544a8e6e6373685fdbf5c3a31d11149f579773cd31bddb0291484c63c61d6b0
SSDEEP

12288:S1lenKeQSPEkhDboZFIRb5hLpCG5JMUFyWJKct:SnenlfHo81EEyWZ

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

bc9a2a405326685130143b230720469ff9e1a294157748f7ccae56faf5d15887.jar

Resource

win7-20240220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

bc9a2a405326685130143b230720469ff9e1a294157748f7ccae56faf5d15887.jar

Resource

win10v2004-20240426-en

strrat discovery persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  bc9a2a405326685130143b230720469ff9e1a294157748f7ccae56faf5d15887.jar
- Size
  
  481KB
- MD5
  
  95280ff1d28b3af85b570f55b0d113b8
- SHA1
  
  6232e80612b3680de897ac40ba18f3e3ac03e3ff
- SHA256
  
  bc9a2a405326685130143b230720469ff9e1a294157748f7ccae56faf5d15887
- SHA512
  
  4b9ba1bdd7603aee780de4a98d698ab786177d2acc5c13667181a7846f09f1953544a8e6e6373685fdbf5c3a31d11149f579773cd31bddb0291484c63c61d6b0
- SSDEEP
  
  12288:S1lenKeQSPEkhDboZFIRb5hLpCG5JMUFyWJKct:SnenlfHo81EEyWZ
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy