strrat | db4788aeaa91caa08c95e71dd742a3b51cc19c1187c51830ca4b17149956a45c | Triage

Submit
Reports

Overview

overview

Static

static

1

ae81b5336b...3c.jar

windows7-x64

1

ae81b5336b...3c.jar

windows10-2004-x64

Sharing

General

Target

96c7a130ac35505293e7766f058a6d07.bin
Size

446KB
Sample

240609-ekw91sdd2w
MD5

66024d5b12f23926c4e77be3c808a210
SHA1

6c0cf2efd4d567134fe97e127c93122ffa56733d
SHA256

db4788aeaa91caa08c95e71dd742a3b51cc19c1187c51830ca4b17149956a45c
SHA512

7698255136536a5ec2788e7ef602c77e454c4fccb9b5facfcb4ab0354c68982e60cc5756bcf1110a1d01b0219d77c6600d5dbd15994d8906bb946f9c8d02df22
SSDEEP

12288:hpmHROk4WE04NqAH6eRosssUT/+PqcNgvcUT:jmxE0eqUdR2s2+PFwcUT

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ae81b5336b8e70c6fc258e963c24346ded948f6df565a51dde18d7cdcfec753c.jar

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

ae81b5336b8e70c6fc258e963c24346ded948f6df565a51dde18d7cdcfec753c.jar

Resource

win10v2004-20240426-en

strrat discovery persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ae81b5336b8e70c6fc258e963c24346ded948f6df565a51dde18d7cdcfec753c.zip
- Size
  
  452KB
- MD5
  
  96c7a130ac35505293e7766f058a6d07
- SHA1
  
  05638c895529fb2d7249b87c4250ab299fa4f937
- SHA256
  
  ae81b5336b8e70c6fc258e963c24346ded948f6df565a51dde18d7cdcfec753c
- SHA512
  
  9d3fe14608a995cad1d0ac80d49b40fe213dfa289c396987bc9c0e992608d336cf7aee71a5bdb8c869859b0a286d50f1781a4875b2e47d54143d46110b6ed065
- SSDEEP
  
  12288:KUzrcAYk32MH/M9knDQPGrotZy69vMhUQztrqVOH:pcAYkmMfsIyKotZJ9vMhUQzJoM
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy