STRRAT is a multi-capability Remote Access Trojan that dates to at least mid-2020. Unusually, it is Java-based, and it is typically delivered to victims via phishing email. Like most phishing attacks, previous STRRAT campaigns used an intermediate dropper attached to the email that downloads the final payload when opened. This sample dispenses with that tactic and instead attaches the final payload directly to the phishing email.
REFERENCE:
INDUSTRY:
MALWARE FAMILY:
STRRAT
ATT&CK IDS:
T1056 - Input Capture, T1193 - Spearphishing Attachment, T1137.001 - Office Template Macros, T1071 - Application Layer Protocol, T1219 - Remote Access Software, T1119 - Automated Collection
URL http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
*Beware of clicking the link!