MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bd8097de078f21e7f97dc04fac6ed6a4d7bc042934e2ec179706838303efe2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



STRRAT


Vendor detections: 4



SHA256 hash: 7bd8097de078f21e7f97dc04fac6ed6a4d7bc042934e2ec179706838303efe2f
SHA3-384 hash: 44580ace2b4936d571d8141a56a8476a6a083f9f15b9b0b47735ac85daa743122d618934988c3f2eff7de1917b2cfa39
SHA1 hash: 2ced260d71011c450dab5145881fad5460d00edb
MD5 hash: 9f529d816bffd28587755104a62e7ffe
humanhash: oklahoma-minnesota-massachusetts-massachusetts
File name: cejetjwve.txt
Signature: STRRAT
File size: 94'789 bytes
First seen: 2021-09-26 16:24:51 UTC
Last seen: 2021-09-27 15:23:16 UTC
File type: zip
MIME type: application/zip
ssdeep: 1536:EA/11A3EP1H9QT1+jg6cv7nGSQPsimd0opLg2j3T7lbhe5v0HGvcvx9pAHr+l:EAQ3EP1dQMjoGNP7mKo9g2rTq5vNvxL4
TLSH: T1EE93C02B387BE078D103183B506999236A0D56DAF94D221B22FC045ADE34D6E9B376DF
Reporter: AndreGironda
Tags: jar STRRAT


AndreGironda
MITRE T1566.001
Date: 24 Sep 2021 12:32:51 +0200
Received: from canplast.com.tr (unknown [45.133.1.72])
From: "Eren Abasiyanik" <info@canplast.com.tr>
Subject: Quotation_Request
Message-ID: <20210924123251.FC57129170891FF0@canplast.com.tr>
Attachment Name: Quotation_Request.rar
Attachment Name: 7eb6ad23b9cc0bdbd29f186cf2515eca0ba76cb43f0241b63c1bcbc15801207f
Container zipfile Name: Quotation_Request.7z
Container zipfile SHA256: ebc60e5c4722122c5cb29dd49e2e58da60750d82a851bf6ffbd83392579178b1
JScript Dropper Name: Quotation_Request.js
JScript Dropper SHA256: c480fe7adba62a2d2f5b983c88358306ee204d94eedceae5f72e9c8c0c6e701a
Stage URL: hXXp://str-master[.]pw/strigoi/server/ping.php?lid=khonsari
JAR Stage Name: cejetjwve.txt
JAR Stage SHA256: 7bd8097de078f21e7f97dc04fac6ed6a4d7bc042934e2ec179706838303efe2f
STRRAT DLL SHA256: 04c9a8ab43d1eb616b84d0686c8ae1d881ef03fe4f3aa26511e5b19d35ef16af

Intelligence


File Origin
# of uploads: 2
# of downloads: 198
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-JAVA.Trojan.StrRat
Status: Malicious
First seen: 2021-09-26 16:25:06 UTC
AV detection: 21 of 45 (46.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments