MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ecc6468de96ac9ae350154c117610dd3062f968be547d6b67b3f126fee512e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

STRRAT

Vendor detections: 5


SHA256 hash: 3ecc6468de96ac9ae350154c117610dd3062f968be547d6b67b3f126fee512e9
SHA3-384 hash: 36948e6115b471e8b37e340d27dae16f886c462613df58f4110845f0ccb1a9a6304716819fd3b8a0baafbfd066e23b06
SHA1 hash: 99dce2074fd2cca2ede69a3b08cf33a574a4a976
MD5 hash: ccfdd7c24c9029f301ee94dbc9441ace
humanhash: magnesium-equal-enemy-twenty
File name: NRB-RTGS 28-Sept 2021.jar
Signature: STRRAT
File size: 106'220 bytes
First seen: 2021-09-28 07:03:21 UTC
Last seen: Never
File type: Java file jar
MIME type: application/zip
ssdeep: 3072:Q+0dMqzH4I51/j6SJtXr3JN0GMAxoKQ9YDQ:QFesH4i1BJVr5QACKD0
TLSH: T1B6A3D06B7CAAE5F6E547C035880C8236E61C539CE1D4593F64FC74998DB1CAC0B26A8F
Reporter: @abuse_ch
Tags: jar STRRAT


Twitter
@abuse_ch
STRRAT C2:
185.244.30.213:5051

Intelligence

File Origin
# of uploads: 1
# of downloads: 115
Origin country: US

Mail intelligence
No data

Vendor Threat Intelligence

ID: 1
File name: NRB-RTGS 28-Sept 2021.jar
Verdict: No threats detected
Analysis date: 2021-09-28 07:04:22 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Threat name:
Detection: malicious
Classification: evad.troj
Score: 60 / 100

Signature
Multi AV Scanner detection for submitted file
Yara detected AllatoriJARObfuscator
Yara detected STRRAT

Behaviour
Behavior Graph ID: 492006; Sample: NRB-RTGS 28-Sept 2021.jar; Startdate: 28/09/2021; Architecture: WINDOWS; Score: 60
Signatures on the graph: Multi AV Scanner detection for submitted file; Yara detected STRRAT; Yara detected AllatoriJARObfuscator
Process tree recovered from the graph:
  sample
    cmd.exe
      java.exe (contacts 192.168.2.1; drops C:\cmdlinestart.log, ASCII)
        icacls.exe
          conhost.exe
      conhost.exe
    cmd.exe
      7za.exe
Threat name: ByteCode-JAVA.Downloader.BanLoad
Status: Malicious
First seen: 2021-09-28 07:04:05 UTC
AV detection: 10 of 45 (22.22%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                    ThreatFox Reference
185.244.30.213:5051    https://threatfox.abuse.ch/ioc/227346

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments