jar.strrat (Back to overview)


STRRAT is a Java-based RAT, which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, key logging and additional plugins. The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging. It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird.

Since Version 1.2 and above, STRRAT was infamous for its ransomware-like behavior of appending the file name extension .crimson to files. Version 1.5 is notably more obfuscated and modular than previous versions, but the backdoor functions mostly remain the same: collect browser passwords, run remote commands and PowerShell, log keystrokes, among others. Version 1.5 of STRRAT Malware includes a proper encryption routine, though currently pretty simple to revert.

2024-03-12FortinetYurren Wan
VCURMS: A Simple and Functional Weapon
2023-05-04SecurityScorecardVlad Pasca
How to Analyze Java Malware – A Case Study of STRRAT
STRRAT: Malware Analysis of a JAR archive
2022-02-02forensicitguyTony Lambert
STRRAT Attached to a MSI File
2022-01-20FortinetJames Slaughter
New STRRAT RAT Phishing Campaign
2021-11-23HPPatrick Schläpfer
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos
2021-11-04Deep instinctShaul Vilkomir-Preisman
Understanding the Windows JavaScript Threat Landscape
STRRAT Griffon BlackByte Houdini Vjw0rm FIN7
2021-10-19CiscoArtsiom Holub
STRRAT, ZLoader, and HoneyGain
STRRAT Zloader
2021-10-09JPMintyJai Minton
Reverse Engineering Analysis Lab - STRRAT
2021-10-04JPMintyJai Minton
STRRAT Analysis
2021-10-01HPHP Wolf Security
Threat Insights Report Q3 - 2021
STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm
2021-09-01InfoSec Handlers Diary BlogBrad Duncan
STRRAT: a Java-based RAT that doesn't care if you have Java
2021-05-20Twitter (@MsftSecIntel)Microsoft Security Intelligence
Tweet on Java-based STRRAT malware campaign distributed via email
2021-05-20Github (microsoft)Microsoft
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares
STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy
2020-06-16G DataKarsten Hahn
New Java STRRAT ships with .crimson ransomware module

There is no Yara-Signature yet.