strrat | cd9947cb94180d2bbbefa025e3208ced3777f78845e601aaa75ad736a6b9f015 | Triage

Submit
Reports

Overview

overview

Static

static

1

f8594a3bef...a27.js

windows7-x64

3

f8594a3bef...a27.js

windows10-2004-x64

Sharing

General

Target

a4032522c72cd09ce0038131c668046b.bin
Size

167KB
Sample

240608-ea8kashe24
MD5

8b401f40e12ded5b9474fbb98bdc8793
SHA1

445fef27d40345519032f94d149f01d090995dc9
SHA256

cd9947cb94180d2bbbefa025e3208ced3777f78845e601aaa75ad736a6b9f015
SHA512

b2e55ebc3de2335bd88d20cec248e36f2763bd6fccc29df98dd8bbcbe1986e45102d00a7e9556fa2cc34e2d8522f88d0baeab4813e42d1e893446fa40983e0f3
SSDEEP

3072:bPKwmYqMqBhsKSfmeHWX+0icecaAXrbqOeiyTLPMf2WO9UOG:bPKvMqBhvSfme2O0i9z0ftyTLn9rG

Score

10^/10

strrat discovery execution persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f8594a3befdb1650618150f76d924aa2ef568676dee558b9c2640900eb00aa27.js

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

f8594a3befdb1650618150f76d924aa2ef568676dee558b9c2640900eb00aa27.js

Resource

win10v2004-20240226-en

strrat discovery execution persistence stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  f8594a3befdb1650618150f76d924aa2ef568676dee558b9c2640900eb00aa27.js
- Size
  
  829KB
- MD5
  
  a4032522c72cd09ce0038131c668046b
- SHA1
  
  f4168f40910558c77e5be2e5a883d9c99ced4bbc
- SHA256
  
  f8594a3befdb1650618150f76d924aa2ef568676dee558b9c2640900eb00aa27
- SHA512
  
  677b8470b6bbd86c0f026ec60491b0b8e3215c503138cfb74e2750fba0824d659ffad3d35d6b75093b60b8636fa8f8ebc86b394e68794a411d3e889648a7afa2
- SSDEEP
  
  6144:XQNzmAgFd0XRVnBZUeaNwiyW3XhsVGqmpx6UydsbvfCWTxTq8tfy8V1ptpsHIg55:gx
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan

© 2018-2024

Terms | Privacy