MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20351665df8b2d441524a21163e0aa95ea3d3805a873032eb6f55fa1001f3941. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



STRRAT


Vendor detections: 6



SHA256 hash: 20351665df8b2d441524a21163e0aa95ea3d3805a873032eb6f55fa1001f3941
SHA3-384 hash: b85cb3e2957d874e88db88f95f3cab8a6086b4fa6810a7a96feb35d941e35d231aeb9504ac52fd514f9c03665b5591ac
SHA1 hash: 491e913225a8c8d144c538fe27cf62f5a8465b38
MD5 hash: 8eab8f1a928fa55303b7558536079a2a
humanhash: hawaii-emma-burger-ten
File name: Quotation.jar
Signature: STRRAT
File size: 188'977 bytes
First seen: 2021-09-28 10:46:27 UTC
Last seen: Never
File type: Java file jar
MIME type: application/zip
ssdeep: 3072:vCcBIJZi3Kd1+Fv2CmQMKMh4BoRAnm8KELI09Cu/qinGVexOvwGyJ5e/wWR5inCw:6jc3Kd1xDQMKoTAnmEL6enGVZdyy/QCw
TLSH: T15904F10FBD9E8C92E02B1432A919DA31EB0D8398D417D02F52FC8A984D75D6D2793B5F
Reporter: @abuse_ch
Tags: jar STRRAT


Twitter
@abuse_ch
STRRAT C2:
37.0.8.76:2664

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
ID: 1
File name: Quotation.jar
Verdict: No threats detected
Analysis date: 2021-09-28 10:48:30 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Threat name:
Detection: malicious
Classification: evad.troj
Score: 60 / 100
Signature
Multi AV Scanner detection for submitted file
Yara detected AllatoriJARObfuscator
Yara detected STRRAT
Behaviour
Behavior Graph:
[Behavior graph, ID 492179. Sample: Quotation.jar. Start date: 28/09/2021. Architecture: WINDOWS. Score: 60. Signatures shown: Multi AV Scanner detection for submitted file; Yara detected STRRAT; Yara detected AllatoriJARObfuscator. Process tree shown: cmd.exe started java.exe and conhost.exe; a second cmd.exe started 7za.exe; java.exe dropped C:\cmdlinestart.log (ASCII) and started icacls.exe, which started conhost.exe.]
Threat name: ByteCode-JAVA.Trojan.StrRat
Status: Malicious
First seen: 2021-09-28 10:47:04 UTC
AV detection: 14 of 28 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC | ThreatFox Reference
37.0.8.76:2664 | https://threatfox.abuse.ch/ioc/227286

File information


The table below shows additional information about this malware sample such as delivery method and external references.
