strrat | de9c4c756623a2893c8ea5a8918ab8796ebe248bc956aba788ba7e84ed420a28 | Triage

Submit
Reports

Overview

overview

Static

static

1

de9c4c7566...28.jar

windows7-x64

1

de9c4c7566...28.jar

windows10-2004-x64

Sharing

General

Target

de9c4c756623a2893c8ea5a8918ab8796ebe248bc956aba788ba7e84ed420a28.jar
Size

452KB
Sample

240607-dbtbbsge31
MD5

84be8a1b68d7a353710700029fd8349b
SHA1

36663d658ae5a108124c505fb47adb59a09f6733
SHA256

de9c4c756623a2893c8ea5a8918ab8796ebe248bc956aba788ba7e84ed420a28
SHA512

0ffcc35d03e5c4a0314c8d7cc6e707e1ea3cc078f2beeaffa5a89ef56f47e8755932302105ad87b73a7859c38056369f0eda0a3a8ca195ebe647f6ba608f359a
SSDEEP

12288:uUpr2+6KZAuH/MlEntQRGrohbMYLLMhuQ1vnotaS:L2+6KSuf4omKohbVLLMhuQ1vGD

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

de9c4c756623a2893c8ea5a8918ab8796ebe248bc956aba788ba7e84ed420a28.jar

Resource

win7-20240220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

de9c4c756623a2893c8ea5a8918ab8796ebe248bc956aba788ba7e84ed420a28.jar

Resource

win10v2004-20240226-en

strrat discovery persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  de9c4c756623a2893c8ea5a8918ab8796ebe248bc956aba788ba7e84ed420a28.jar
- Size
  
  452KB
- MD5
  
  84be8a1b68d7a353710700029fd8349b
- SHA1
  
  36663d658ae5a108124c505fb47adb59a09f6733
- SHA256
  
  de9c4c756623a2893c8ea5a8918ab8796ebe248bc956aba788ba7e84ed420a28
- SHA512
  
  0ffcc35d03e5c4a0314c8d7cc6e707e1ea3cc078f2beeaffa5a89ef56f47e8755932302105ad87b73a7859c38056369f0eda0a3a8ca195ebe647f6ba608f359a
- SSDEEP
  
  12288:uUpr2+6KZAuH/MlEntQRGrohbMYLLMhuQ1vnotaS:L2+6KSuf4omKohbVLLMhuQ1vGD
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy