strrat | f8594a3befdb1650618150f76d924aa2ef568676dee558b9c2640900eb00aa27 | Triage

Submit
Reports

Overview

overview

Static

static

1

Proof Of Payment.js

windows7-x64

3

Proof Of Payment.js

windows10-2004-x64

Sharing

General

Target

Proof Of Payment.js
Size

829KB
Sample

240606-spms2agg94
MD5

a4032522c72cd09ce0038131c668046b
SHA1

f4168f40910558c77e5be2e5a883d9c99ced4bbc
SHA256

f8594a3befdb1650618150f76d924aa2ef568676dee558b9c2640900eb00aa27
SHA512

677b8470b6bbd86c0f026ec60491b0b8e3215c503138cfb74e2750fba0824d659ffad3d35d6b75093b60b8636fa8f8ebc86b394e68794a411d3e889648a7afa2
SSDEEP

6144:XQNzmAgFd0XRVnBZUeaNwiyW3XhsVGqmpx6UydsbvfCWTxTq8tfy8V1ptpsHIg55:gx

Score

10^/10

strrat discovery execution persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Proof Of Payment.js

Resource

win7-20240220-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Proof Of Payment.js

Resource

win10v2004-20240426-en

strrat discovery execution persistence stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Proof Of Payment.js
- Size
  
  829KB
- MD5
  
  a4032522c72cd09ce0038131c668046b
- SHA1
  
  f4168f40910558c77e5be2e5a883d9c99ced4bbc
- SHA256
  
  f8594a3befdb1650618150f76d924aa2ef568676dee558b9c2640900eb00aa27
- SHA512
  
  677b8470b6bbd86c0f026ec60491b0b8e3215c503138cfb74e2750fba0824d659ffad3d35d6b75093b60b8636fa8f8ebc86b394e68794a411d3e889648a7afa2
- SSDEEP
  
  6144:XQNzmAgFd0XRVnBZUeaNwiyW3XhsVGqmpx6UydsbvfCWTxTq8tfy8V1ptpsHIg55:gx
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan

© 2018-2024

Terms | Privacy