strrat | e8ee8e0e3be3c2819b17d2e2964c3b3427f1b9ca343de15188c029196df8e567 | Triage

Submit
Reports

Overview

overview

Static

static

1

e8ee8e0e3b...67.jar

windows7-x64

1

e8ee8e0e3b...67.jar

windows10-2004-x64

Sharing

General

Target

e8ee8e0e3be3c2819b17d2e2964c3b3427f1b9ca343de15188c029196df8e567.jar
Size

448KB
Sample

240613-cjt26a1ang
MD5

633bdb02e821ed7d851d56782fd146b4
SHA1

698ca6a9a04301a0ec8e2e5299a2a6f3a2a3db83
SHA256

e8ee8e0e3be3c2819b17d2e2964c3b3427f1b9ca343de15188c029196df8e567
SHA512

21e0faca206c59ae8e2f9ff6504846e677769a4190ab6a291a4b73499d50e83ce9c23cb24cd16ef918778d459116110c7722301f4b4a7b54cca64eb9dc85fd0b
SSDEEP

12288:kO5jgT2yjEu28CabWuJq2rUlqXGvw+J4V:2Sy4u28CaZJDrMqXWJg

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

e8ee8e0e3be3c2819b17d2e2964c3b3427f1b9ca343de15188c029196df8e567.jar

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

e8ee8e0e3be3c2819b17d2e2964c3b3427f1b9ca343de15188c029196df8e567.jar

Resource

win10v2004-20240611-en

strrat discovery persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  e8ee8e0e3be3c2819b17d2e2964c3b3427f1b9ca343de15188c029196df8e567.jar
- Size
  
  448KB
- MD5
  
  633bdb02e821ed7d851d56782fd146b4
- SHA1
  
  698ca6a9a04301a0ec8e2e5299a2a6f3a2a3db83
- SHA256
  
  e8ee8e0e3be3c2819b17d2e2964c3b3427f1b9ca343de15188c029196df8e567
- SHA512
  
  21e0faca206c59ae8e2f9ff6504846e677769a4190ab6a291a4b73499d50e83ce9c23cb24cd16ef918778d459116110c7722301f4b4a7b54cca64eb9dc85fd0b
- SSDEEP
  
  12288:kO5jgT2yjEu28CabWuJq2rUlqXGvw+J4V:2Sy4u28CaZJDrMqXWJg
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy