strrat | 378bf7c2c793cfa3693b5a81a7709d57e4c9917cbe0dbdc11a4c2ba54406b674 | Triage

Submit
Reports

Overview

overview

Static

static

1

0285e2e492...eb.jar

windows7-x64

1

0285e2e492...eb.jar

windows10-2004-x64

Sharing

General

Target

b07c339834a5d170e4d53d5047450a8d.bin
Size

446KB
Sample

240609-exlztade51
MD5

5de2477b3ce6589411174c325eb97a52
SHA1

835a9499a31defc335da8ec32b64ef5a86acdc59
SHA256

378bf7c2c793cfa3693b5a81a7709d57e4c9917cbe0dbdc11a4c2ba54406b674
SHA512

dda563f62dba27cdd32bced7d03146e793bff29d4ecb6b95b10c19da30bcae6b5d6430712a700f6bdccbbd541e768a5837182bb79ee0c6cc28e74b99d2f76185
SSDEEP

12288:tLCA3ekmE7nF2PVbj6jruDSBpHZ7n3R2Aogw:tTO3E7nF0gjruDg2A7w

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb.jar

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb.jar

Resource

win10v2004-20240426-en

strrat discovery persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb.jar
- Size
  
  452KB
- MD5
  
  b07c339834a5d170e4d53d5047450a8d
- SHA1
  
  de8e5013ce628b4d1d14e3f4b665ffbda1faea82
- SHA256
  
  0285e2e492a0054ea00d3790884448a8bf2ba890de6496ecaa9fa22af97100eb
- SHA512
  
  c455b22807f9d592db3d36ffdf808242df7c87537bdcee8516cd22196bc688b728ec827a56a8c05d072c20482819257c0d749d09a7a2e1aa67ba168bc499c5f9
- SSDEEP
  
  12288:iU9rum+uhMaH/Ml0nZQZGrotf0wXfMhmQd3jEdkR:num+uaaf0YKKotfxXfMhmQdzWI
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy