Malware – A Case Study of STRRAT
STRRAT is a Java-based malware that executes multiple commands transmitted by the C2 server. The JAR file was obfuscated using the Allatori obfuscator. It establishes persistence on the host by copying to the Startup folder and creating a scheduled task and a Run registry entry. The functionalities of the implemented commands include: reboot the machine, uninstall the malware and delete all its traces, download and execute files, update the initial JAR file, execute commands using cmd and powershell, open/delete/download/upload files specified by the C2 server, perform keylogger activities, retrieve a list of running processes, implement a reverse proxy on the machine, install RDPWrap that enables Remote Desktop Host support, steal passwords from multiple browsers and email clients, attempt to elevate privileges, and implement a functional ransomware module.
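The layered persistence described above (a copy in the Startup folder plus a scheduled task plus a Run registry value, all launching the same JAR) is what a defender can correlate on. The following is an added example, not code from the case study: it runs over a constructed inventory of persistence entries and flags any JAR in a user-writable location that is reached by two or more mechanisms. All paths, task names and value names are placeholders, not indicators from the real sample.

```python
import ntpath
import re
from collections import defaultdict
from typing import Optional

# Constructed persistence inventory: (mechanism, location, command line).
# Modelled on the three mechanisms the write-up names; every path, task
# and value name is a placeholder, not an indicator from the sample.
SAMPLE_RECORDS = [
    ("run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     r'"C:\Program Files\Java\jre1.8.0_301\bin\javaw.exe" -jar "C:\Users\u\AppData\Roaming\client.jar"'),
    ("scheduled_task", r"\Updater",
     r"javaw.exe -jar C:\Users\u\AppData\Roaming\client.jar"),
    ("startup_folder", r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\client.jar",
     r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\client.jar"),
    ("run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     r'"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("scheduled_task", r"\Microsoft\Windows\Backup\Nightly",
     r'"C:\Program Files\Java\jre1.8.0_301\bin\java.exe" -jar "C:\Program Files\Backup\backup.jar"'),
]

# First Windows path ending in .jar, quoted or bare.
JAR_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.jar)"?', re.IGNORECASE)
# Locations a non-admin user can write to; legitimate Java apps rarely persist from here.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def jar_path(command: str) -> Optional[str]:
    """Return the .jar path referenced by a command line (or bare path), else None."""
    m = JAR_RE.search(command)
    return m.group(1) if m else None


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def correlate(records):
    """Map each JAR file name in a user-writable location to the mechanisms that launch it.

    Keyed on file name rather than full path, because a Startup-folder copy
    keeps the name but not the directory of the original JAR."""
    hits = defaultdict(set)
    for mechanism, _location, command in records:
        jar = jar_path(command)
        if jar and is_user_writable(jar):
            hits[ntpath.basename(jar).lower()].add(mechanism)
    return dict(hits)


def flag_layered_persistence(records, min_mechanisms: int = 2):
    """JARs reached by two or more persistence mechanisms, the layering the write-up describes."""
    return {jar: sorted(m) for jar, m in correlate(records).items() if len(m) >= min_mechanisms}


if __name__ == "__main__":
    for jar, mechanisms in flag_layered_persistence(SAMPLE_RECORDS).items():
        print(f"{jar}: {', '.join(mechanisms)}")
```

A single Run value launching a JAR is weak evidence on its own; the same file name appearing across all three mechanisms is what separates this pattern from an ordinary Java application.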