strrat | ad747e59d4d15a7585dc5aa943ecd9c3258a7de57a7269c882ff436932f51e94 | Triage

Submit
Reports

Overview

overview

Static

static

1

ad747e59d4...94.jar

windows7-x64

1

ad747e59d4...94.jar

windows10-2004-x64

Sharing

General

Target

ad747e59d4d15a7585dc5aa943ecd9c3258a7de57a7269c882ff436932f51e94.zip
Size

452KB
Sample

240607-j4eljadb2w
MD5

7ca5588c60e103a7ec2531f10f70e7b4
SHA1

12d63977451d2bd0acc917975abb9148a8f9b8d2
SHA256

ad747e59d4d15a7585dc5aa943ecd9c3258a7de57a7269c882ff436932f51e94
SHA512

ac1814c1300f7cb87ff3e106aeba2944fd01f3306d35112b99cbd34b3449e218a54ffbba6198a7280cb74438f745f7ad57279a5d17b0bf334359e32e380819b9
SSDEEP

12288:WUcrdL9fstlH/MH0nSQkGrorW3J+RMhdQE6ZBj2l:wdL9fSlfGY2KorW5+RMhdQEip8

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ad747e59d4d15a7585dc5aa943ecd9c3258a7de57a7269c882ff436932f51e94.jar

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

ad747e59d4d15a7585dc5aa943ecd9c3258a7de57a7269c882ff436932f51e94.jar

Resource

win10v2004-20240508-en

strrat discovery persistence stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  ad747e59d4d15a7585dc5aa943ecd9c3258a7de57a7269c882ff436932f51e94.zip
- Size
  
  452KB
- MD5
  
  7ca5588c60e103a7ec2531f10f70e7b4
- SHA1
  
  12d63977451d2bd0acc917975abb9148a8f9b8d2
- SHA256
  
  ad747e59d4d15a7585dc5aa943ecd9c3258a7de57a7269c882ff436932f51e94
- SHA512
  
  ac1814c1300f7cb87ff3e106aeba2944fd01f3306d35112b99cbd34b3449e218a54ffbba6198a7280cb74438f745f7ad57279a5d17b0bf334359e32e380819b9
- SSDEEP
  
  12288:WUcrdL9fstlH/MH0nSQkGrorW3J+RMhdQE6ZBj2l:wdL9fSlfGY2KorW5+RMhdQEip8
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy