SYMBOLCOMMON_NAMEaka. SYNONYMS
jar.strrat (Back to overview)

STRRAT

STRRAT is a Java-based RAT, which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, key logging and additional plugins. The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging. It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird.

Since Version 1.2 and above, STRRAT was infamous for its ransomware-like behavior of appending the file name extension .crimson to files. Version 1.5 is notably more obfuscated and modular than previous versions, but the backdoor functions mostly remain the same: collect browser passwords, run remote commands and PowerShell, log keystrokes, among others. Version 1.5 of STRRAT Malware includes a proper encryption routine, though currently pretty simple to revert.

References
2022-10-27ANY.RUNANY.RUN
@online{anyrun:20221027:strrat:1b2aef4, author = {ANY.RUN}, title = {{STRRAT: Malware Analysis of a JAR archive}}, date = {2022-10-27}, organization = {ANY.RUN}, url = {https://any.run/cybersecurity-blog/strrat-malware-analysis-of-a-jar-archive/}, language = {English}, urldate = {2022-11-07} } STRRAT: Malware Analysis of a JAR archive
STRRAT
2022-02-02forensicitguyTony Lambert
@online{lambert:20220202:strrat:c81498a, author = {Tony Lambert}, title = {{STRRAT Attached to a MSI File}}, date = {2022-02-02}, organization = {forensicitguy}, url = {https://forensicitguy.github.io/strrat-attached-to-msi/}, language = {English}, urldate = {2022-02-04} } STRRAT Attached to a MSI File
STRRAT
2022-01-20FortinetJames Slaughter
@online{slaughter:20220120:new:7cef736, author = {James Slaughter}, title = {{New STRRAT RAT Phishing Campaign}}, date = {2022-01-20}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/new-strrat-rat-phishing-campaign}, language = {English}, urldate = {2022-11-21} } New STRRAT RAT Phishing Campaign
STRRAT
2021-11-23HPPatrick Schläpfer
@online{schlpfer:20211123:ratdispenser:4677686, author = {Patrick Schläpfer}, title = {{RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild}}, date = {2021-11-23}, organization = {HP}, url = {https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/}, language = {English}, urldate = {2021-11-29} } RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos
2021-11-04Deep instinctShaul Vilkomir-Preisman
@online{vilkomirpreisman:20211104:understanding:c22abf4, author = {Shaul Vilkomir-Preisman}, title = {{Understanding the Windows JavaScript Threat Landscape}}, date = {2021-11-04}, organization = {Deep instinct}, url = {https://www.deepinstinct.com/blog/understanding-the-windows-javascript-threat-landscape}, language = {English}, urldate = {2021-11-19} } Understanding the Windows JavaScript Threat Landscape
STRRAT Griffon BlackByte Houdini Vjw0rm FIN7
2021-10-19CiscoArtsiom Holub
@online{holub:20211019:strrat:4522f11, author = {Artsiom Holub}, title = {{STRRAT, ZLoader, and HoneyGain}}, date = {2021-10-19}, organization = {Cisco}, url = {https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-strrat-zloader-honeygain}, language = {English}, urldate = {2021-10-26} } STRRAT, ZLoader, and HoneyGain
STRRAT Zloader
2021-10-09JPMintyJai Minton
@online{minton:20211009:reverse:b389130, author = {Jai Minton}, title = {{Reverse Engineering Analysis Lab - STRRAT}}, date = {2021-10-09}, organization = {JPMinty}, url = {https://www.jaiminton.com/reverse-engineering/strrat#}, language = {English}, urldate = {2021-12-09} } Reverse Engineering Analysis Lab - STRRAT
STRRAT
2021-10-04JPMintyJai Minton
@online{minton:20211004:strrat:ce3bc16, author = {Jai Minton}, title = {{STRRAT Analysis}}, date = {2021-10-04}, organization = {JPMinty}, url = {https://www.jaiminton.com/reverse-engineering/strrat}, language = {English}, urldate = {2021-10-05} } STRRAT Analysis
STRRAT
2021-10HPHP Wolf Security
@techreport{security:202110:threat:49f8fc2, author = {HP Wolf Security}, title = {{Threat Insights Report Q3 - 2021}}, date = {2021-10}, institution = {HP}, url = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/10/HP-Wolf-Security-Threat-Insights-Report-Q3-2021.pdf}, language = {English}, urldate = {2021-10-25} } Threat Insights Report Q3 - 2021
STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm
2021-09-01InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20210901:strrat:82432b9, author = {Brad Duncan}, title = {{STRRAT: a Java-based RAT that doesn't care if you have Java}}, date = {2021-09-01}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/27798}, language = {English}, urldate = {2021-09-02} } STRRAT: a Java-based RAT that doesn't care if you have Java
STRRAT
2021-05-20Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210520:javabased:ce966f5, author = {Microsoft Security Intelligence}, title = {{Tweet on Java-based STRRAT malware campaign distributed via email}}, date = {2021-05-20}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1395138347601854465}, language = {English}, urldate = {2021-05-25} } Tweet on Java-based STRRAT malware campaign distributed via email
STRRAT
2021-05-20Github (microsoft)Microsoft
@online{microsoft:20210520:microsoft:41112d3, author = {Microsoft}, title = {{Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares}}, date = {2021-05-20}, organization = {Github (microsoft)}, url = {https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries}, language = {English}, urldate = {2021-05-25} } Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares
STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy
2020-06-16G DataKarsten Hahn
@online{hahn:20200616:new:124c3d1, author = {Karsten Hahn}, title = {{New Java STRRAT ships with .crimson ransomware module}}, date = {2020-06-16}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/strrat-crimson}, language = {English}, urldate = {2020-06-16} } New Java STRRAT ships with .crimson ransomware module
STRRAT

There is no Yara-Signature yet.