MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b160425fb2a2d6cd125509bface7b506430a35efa2dd3443dffe464f4a46b23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



STRRAT


Vendor detections: 9



SHA256 hash: 9b160425fb2a2d6cd125509bface7b506430a35efa2dd3443dffe464f4a46b23
SHA3-384 hash: 2046fe024119d791df00a9f83c75f1adcc74e08c86edbb8dfedd612c35f0d20c31cb411720ef86129f7b54a2a00a042f
SHA1 hash: 74dc44ea1bd418faf36740c7f68ac00c08e27f8b
MD5 hash: 34a837b312c350af3ebf4b72454fcb69
humanhash: eighteen-cardinal-utah-harry
File name: Shipping Bill2008581 dated01042026.pdf.zip
Signature: STRRAT
File size: 40'622 bytes
First seen: 2026-04-01 14:30:31 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:pC6hBK/HyrIax6ME/o+wj4PrB7hl9IKL0g9WHoMbhjxuyfTFlYsntC:oyBqStxx63wQrphl9IK/WHokh0cTFlbA
TLSH: T15A03F227355A25718ABD26F98C03F961F6EA212F4799F8D8339234784F314A4AD7850A
Magika: zip
Reporter: Anonymous
Tags: STRRAT zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: US
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name: MANIFEST.MF
File size: 238 bytes
SHA256 hash: c5e4a917d632fe6d3ebbf811cb2cf51266c6e303905a3b88f1645d2ac3a2baf2
MD5 hash: 53c8f62aef3cd9a029d5b7a61d7e12f8
MIME type: text/plain
Signature: STRRAT

File name: caesium_19.class
File size: 1 bytes
SHA256 hash: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
MD5 hash: 93b885adfe0da089cdf634904fd59f71
MIME type: application/octet-stream
Signature: STRRAT

File name: config.txt
File size: 264 bytes
SHA256 hash: ad4dc5f357c01c5332e01db20b7ee14693995f8a6ec276164ccd6900e9623004
MD5 hash: 17cab22916d1ca2460577d851d4b9fe1
MIME type: text/plain
Signature: STRRAT

Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: masquerade

Verdict: Malicious
File Type: zip
First seen: 2026-04-01T05:53:00Z UTC
Last seen: 2026-04-01T10:09:00Z UTC
Hits: ~10

Verdict: inconclusive
YARA: 2 match(es)
Tags: Zip Archive

Threat name: Win32.Trojan.Qwexlafiba
Status: Malicious
First seen: 2026-04-01 10:05:09 UTC
File Type: Binary (Archive)
Extracted files: 165
AV detection: 10 of 24 (41.67%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:strrat discovery execution persistence stealer trojan
Behaviour:
Scheduled Task/Job: Scheduled Task
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
System Network Configuration Discovery: Internet Connection Discovery
Adds Run key to start application
Drops startup file
STRRAT
Strrat family
Malware Config
C2 Extraction: aprilmagic2026.mrbasic.com:1981

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: STRRAT
Author: NDA0E
Description: Detects STRRAT config filename

Rule name: strrat_jar_v1
Author: RandomMalware

File information


The table below shows additional information about this malware sample such as delivery method and external references.
