strrat | 80ccb9fa03af599723c0ee1ad4084db53318222b7ce529bad558f5028fe01a57 | Triage

Submit
Reports

Overview

overview

Static

static

1

ZILCORP_POP.js

windows7-x64

3

ZILCORP_POP.js

windows10-2004-x64

Sharing

General

Target

ZILCORP_POP.rar
Size

256KB
Sample

240624-ktgtksxcnm
MD5

1fec81e815675e859231122b8ffcd6a3
SHA1

dc4bc2f9bc34bd451293daca363b628c61847974
SHA256

80ccb9fa03af599723c0ee1ad4084db53318222b7ce529bad558f5028fe01a57
SHA512

0a77983277f701b5b6c0b652b45a7c60c45bd7ce14c84b27b5978e0de697dc95dd13875ca2bbb118cc77a49f754690bff6b195c83affc1478b5e62e6808f4524
SSDEEP

6144:XSB6dFx6RQ1ZoASP7WE4mlFd7zBxb7cbmGC5Ff:XSBMx6kuASPKEdlFd7X3caGCXf

Score

10^/10

strrat discovery execution persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ZILCORP_POP.js

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

ZILCORP_POP.js

Resource

win10v2004-20240226-en

strrat discovery execution persistence stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  ZILCORP_POP.js
- Size
  
  424KB
- MD5
  
  228ffb4e92fdb79da09e379168d28b7d
- SHA1
  
  00ab295a54b2a2892dc9a178be819c8cf6648ed0
- SHA256
  
  93b921e53498e0ce61fa8740e083f55a10d72b0b9a406cdb05a9860ffcc94eb9
- SHA512
  
  6c3c76b0294a9a5ac2c55f03c0524d9ac5a037c5f374c1a80aa6e15d6f4f1068b65d9db0460e5d37becb06709c414c3f2c81060d76dbf7077fc46330f1b066c9
- SSDEEP
  
  6144:XQqj5e5byQl5AQE/fGn+Z+8sE1mTzJh2gIABvxOsMUURJNOkk52dUe:g3VlS2+4vKCzbtB5Os/r2dUe
Score

10^/10

execution strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoveryexecutionpersistencestealertrojan

© 2018-2024

Terms | Privacy