Overview

overview

10

Static

static

10

af3a6b3593...45.jar

windows7-x64

1

af3a6b3593...45.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e61042273c1bd9c0a7ea0bc9148cde03.bin

  • Size

    197KB

  • Sample

    240702-cbx4vasbpg

  • MD5

    aa7d316b8a4a0c7168da3a170fe8b69d

  • SHA1

    9f8ab96e353dda505950b8311fe4e6fb93418b34

  • SHA256

    1a811433423a55c3e8ba9c3a51ef6fe2b3898591cc201444babbf2fb9d059eb4

  • SHA512

    7859b7e894c17f508a602a3701bd5008126da9c055f08b6ec29ec96f967a10a7a32486de13d91ee8ae91c8a4f4728b1b531847b42472d5ebeb7efb920c531503

  • SSDEEP

    3072:bQ21e18w6MWYUc/x8Gn8+YXSpR2Vm7hYXB9ishIS1QFUr/kWYrsU:Ljw5/Oq8tXSpR2aKXB6aVrcSU

Score
10/10
strratdiscoverypersistencestealertrojan

Malware Config

Targets

    • Target

      af3a6b35935ec9a991e853f2a386e38bd91d5d2f2d9c35cb6ca5b1481cb5ec45.jar

    • Size

      203KB

    • MD5

      e61042273c1bd9c0a7ea0bc9148cde03

    • SHA1

      4a00bf1ff4bb6f308556a383f70bd67bd6a87282

    • SHA256

      af3a6b35935ec9a991e853f2a386e38bd91d5d2f2d9c35cb6ca5b1481cb5ec45

    • SHA512

      da27c7f1293b4817b2a17f4ec50e7729345f828f0e8141bde37c0be86decb535f93eccaabec15a4048755f5ba1a397a142a8bfab0df422370de14a74bb14a263

    • SSDEEP

      3072:iV+8Cg5sDtvolhhIMNQLfdDqrp81gYNJk4uzY+JqtT0zPLoBsWfTyjn+:sjStvGhXNjt81gYNqNcpYzP0WWfT4+

    Score
    10/10
    strratdiscoverypersistencestealertrojan

    • STRRAT

      STRRAT is a remote access tool than can steal credentials and log keystrokes.

      trojanstealerstrrat

    • Drops startup file

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

File and Directory Permissions Modification

1
T1222

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks