STRRAT (Malware Family)

STRRAT

STRRAT is a Java-based RAT, which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, key logging and additional plugins. The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging. It supports the following browsers and email clients: Firefox, Internet Explorer, Chrome, Foxmail, Outlook, Thunderbird.

Since Version 1.2 and above, STRRAT was infamous for its ransomware-like behavior of appending the file name extension .crimson to files. Version 1.5 is notably more obfuscated and modular than previous versions, but the backdoor functions mostly remain the same: collect browser passwords, run remote commands and PowerShell, log keystrokes, among others. Version 1.5 of STRRAT Malware includes a proper encryption routine, though currently pretty simple to revert.

References

2024-03-12 ⋅ Fortinet ⋅ Yurren Wan
VCURMS: A Simple and Functional Weapon
STRRAT

2023-05-04 ⋅ SecurityScorecard ⋅ Vlad Pasca
How to Analyze Java Malware – A Case Study of STRRAT
STRRAT

2022-10-27 ⋅ ANY.RUN ⋅ ANY.RUN
STRRAT: Malware Analysis of a JAR archive
STRRAT

2022-02-02 ⋅ forensicitguy ⋅ Tony Lambert
STRRAT Attached to a MSI File
STRRAT

2022-01-20 ⋅ Fortinet ⋅ James Slaughter
New STRRAT RAT Phishing Campaign
STRRAT

2021-11-23 ⋅ HP ⋅ Patrick Schläpfer
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos

2021-11-04 ⋅ Deep instinct ⋅ Shaul Vilkomir-Preisman
Understanding the Windows JavaScript Threat Landscape
STRRAT Griffon BlackByte Houdini Vjw0rm FIN7

2021-10-19 ⋅ Cisco ⋅ Artsiom Holub
STRRAT, ZLoader, and HoneyGain
STRRAT Zloader

2021-10-09 ⋅ JPMinty ⋅ Jai Minton
Reverse Engineering Analysis Lab - STRRAT
STRRAT

2021-10-04 ⋅ JPMinty ⋅ Jai Minton
STRRAT Analysis
STRRAT

2021-10-01 ⋅ HP ⋅ HP Wolf Security
Threat Insights Report Q3 - 2021
STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm

2021-09-01 ⋅ InfoSec Handlers Diary Blog ⋅ Brad Duncan
STRRAT: a Java-based RAT that doesn't care if you have Java
STRRAT

2021-05-20 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Security Intelligence
Tweet on Java-based STRRAT malware campaign distributed via email
STRRAT

2021-05-20 ⋅ Github (microsoft) ⋅ Microsoft
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares
STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy

2020-06-16 ⋅ G Data ⋅ Karsten Hahn
New Java STRRAT ships with .crimson ransomware module
STRRAT

There is no Yara-Signature yet.

STRRAT Propose Change

References

STRRAT