strrat | 0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb | Triage

Submit
Reports

Overview

overview

Static

static

1

0285e2e492...eb.jar

windows7-x64

1

0285e2e492...eb.jar

windows10-2004-x64

Sharing

General

Target

0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb.jar
Size

452KB
Sample

240608-jrfm3abc28
MD5

b07c339834a5d170e4d53d5047450a8d
SHA1

de8e5013ce628b4d1d14e3f4b665ffbda1faea82
SHA256

0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb
SHA512

c455b22807f9d592db3d36ffdf808242df7c87537bdcee8516cd22196bc688b728ec827a56a8c05d072c20482819257c0d749d09a7a2e1aa67ba168bc499c5f9
SSDEEP

12288:iU9rum+uhMaH/Ml0nZQZGrotf0wXfMhmQd3jEdkR:num+uaaf0YKKotfxXfMhmQdzWI

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb.jar

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb.jar

Resource

win10v2004-20240508-en

strrat discovery persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb.jar
- Size
  
  452KB
- MD5
  
  b07c339834a5d170e4d53d5047450a8d
- SHA1
  
  de8e5013ce628b4d1d14e3f4b665ffbda1faea82
- SHA256
  
  0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb
- SHA512
  
  c455b22807f9d592db3d36ffdf808242df7c87537bdcee8516cd22196bc688b728ec827a56a8c05d072c20482819257c0d749d09a7a2e1aa67ba168bc499c5f9
- SSDEEP
  
  12288:iU9rum+uhMaH/Ml0nZQZGrotf0wXfMhmQd3jEdkR:num+uaaf0YKKotfxXfMhmQdzWI
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy