strrat | 8fc554384f269993bde053de9811902c44135fb99e1944c5047afea9aac6ea40 | Triage

Submit
Reports

Overview

overview

Static

static

PO881620-2024.jar

windows7-x64

1

PO881620-2024.jar

windows10-2004-x64

Sharing

General

Target

PO881620-2024.jar
Size

203KB
Sample

240613-28414aycql
MD5

ef8d2de4e2983dddfe12759ba4626d20
SHA1

e3ce248bdcd07b23e94ce832062cf717a83334a8
SHA256

8fc554384f269993bde053de9811902c44135fb99e1944c5047afea9aac6ea40
SHA512

6d956b3e536fb7227c7bcb9d2beeaac9e64fae4c60e32b95772201d0c68b962936104fba7b57ef57e82c02d193b8200539a55e69ec95a4f7d1fcfee331203280
SSDEEP

3072:yVeoCg5sL1zElp9IsdQffd3qrNMVMYBJk4ubY+tqtPwzrLQBAWfTy3KNY:8L61z29/dHpMVMYBqN0JIzr0qWfTxY

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PO881620-2024.jar

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO881620-2024.jar

Resource

win10v2004-20240226-en

strrat discovery persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  PO881620-2024.jar
- Size
  
  203KB
- MD5
  
  ef8d2de4e2983dddfe12759ba4626d20
- SHA1
  
  e3ce248bdcd07b23e94ce832062cf717a83334a8
- SHA256
  
  8fc554384f269993bde053de9811902c44135fb99e1944c5047afea9aac6ea40
- SHA512
  
  6d956b3e536fb7227c7bcb9d2beeaac9e64fae4c60e32b95772201d0c68b962936104fba7b57ef57e82c02d193b8200539a55e69ec95a4f7d1fcfee331203280
- SSDEEP
  
  3072:yVeoCg5sL1zElp9IsdQffd3qrNMVMYBJk4ubY+tqtPwzrLQBAWfTy3KNY:8L61z29/dHpMVMYBqN0JIzr0qWfTxY
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy