strrat | 1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1 | Triage

Submit
Reports

Overview

overview

Static

static

1

Request Fo...ion.js

windows7-x64

3

Request Fo...ion.js

windows10-2004-x64

Sharing

General

Target

Request For Quotation.js
Size

835KB
Sample

240611-xjmnasxemn
MD5

a5e17a3b0f562f722011b2025ad1badf
SHA1

e3e8457df8c12a7d76c021851c923fbb3f090257
SHA256

1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1
SHA512

23930d5bbdc3336fe5599b39c23de6a1319d2032713866eb8bbcb54c4d91aaf4de296b1fa441b7a6bc17dad2bacedf8fd6ed7a4e0efc81a5fb23726d8c4eee7f
SSDEEP

768:XQ9KqO+g0ESJoOYHmxzFQi0O7I02iVuUBbS4OPtI0KIr3l9MgkmJ3Eudgis8aidB:XQfRVQgpATGGzIQ1DQ8lU+

Score

10^/10

strrat discovery execution persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Request For Quotation.js

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request For Quotation.js

Resource

win10v2004-20240426-en

strrat discovery execution persistence stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Request For Quotation.js
- Size
  
  835KB
- MD5
  
  a5e17a3b0f562f722011b2025ad1badf
- SHA1
  
  e3e8457df8c12a7d76c021851c923fbb3f090257
- SHA256
  
  1cb72dd000981a7f72f42e187c7a9788ec3d8c972ef0b6052f65ec059cbbb1a1
- SHA512
  
  23930d5bbdc3336fe5599b39c23de6a1319d2032713866eb8bbcb54c4d91aaf4de296b1fa441b7a6bc17dad2bacedf8fd6ed7a4e0efc81a5fb23726d8c4eee7f
- SSDEEP
  
  768:XQ9KqO+g0ESJoOYHmxzFQi0O7I02iVuUBbS4OPtI0KIr3l9MgkmJ3Eudgis8aidB:XQfRVQgpATGGzIQ1DQ8lU+
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan

© 2018-2024

Terms | Privacy