strrat | 29e53614d83271baa6665f31f4c952e22c77dcf303fe5fbe983e16ea009de89f | Triage

Submit
Reports

Overview

overview

Static

static

1

5af0150495...d8.jar

windows7-x64

1

5af0150495...d8.jar

windows10-2004-x64

Sharing

General

Target

f2bc7c3ad4511d285fc70c50a05b0902.bin
Size

475KB
Sample

240614-dlcfkawhpk
MD5

61e67a98ca039225af23a139009ff277
SHA1

30906378db920992334551beeb6e0f29ac438e24
SHA256

29e53614d83271baa6665f31f4c952e22c77dcf303fe5fbe983e16ea009de89f
SHA512

9abd06a7821f4745880884af34e449477633e97775d55b806e3fb78f59b5f69012697cb76bd1c5e452d8827163f344005a40041ce14765ad3b8da1e22dd13d4a
SSDEEP

12288:n1ykHhzmSQEy8VGjJDf3eVA1916znf+9gEVkL33oCDKtiJun:nf0SXTuJDfuV6gf+9gekL33oqm

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

5af01504959b39b2f98ae92238fff4d9580eaa1d61a555da6b3e697dbcb1bbd8.jar

Resource

win7-20240611-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

5af01504959b39b2f98ae92238fff4d9580eaa1d61a555da6b3e697dbcb1bbd8.jar

Resource

win10v2004-20240611-en

strrat discovery persistence stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  5af01504959b39b2f98ae92238fff4d9580eaa1d61a555da6b3e697dbcb1bbd8.jar
- Size
  
  481KB
- MD5
  
  f2bc7c3ad4511d285fc70c50a05b0902
- SHA1
  
  3c6a1ce4ad140df0b3c14a192ced9feeaa8f9618
- SHA256
  
  5af01504959b39b2f98ae92238fff4d9580eaa1d61a555da6b3e697dbcb1bbd8
- SHA512
  
  d7e2cb4e458c3dcff94a3b484860a81d9eb1dd4269cd055912c5fff921aa249e62a7a65b023a45f52de1e13553ae2de4d2659ba6085358d0a39941d4022b4978
- SSDEEP
  
  12288:ualS3KeQSPEYtvPYpFMRb5h3pCSt1kQB+W5Kcr:uSS3lb3YIRoM+Wv
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy