Remote Access Trojan - STRRAT

Industry: N/A | Level: Tactical | Source: Fortinet

Research from FortiGuard shared information for remote access trojan (RAT), STRRAT, which has been utilized in the threat landscape since mid 2020. The latest activity with the malware involved its distribution through phishing emails, leveraging a theme that impersonates shipping company Maersk, to lure victims with messages involving product shipments and deliveries. The initial dropper is contained in a Microsoft Excel document that downloads the RAT upon execution. The java-based RAT is identified to be obfuscated with "Allatori Obfuscator." The malware setups persistence by adding entries to the autorun registry keys, with additional capabilities including check running processes, querying host information, logging keystrokes, stealing browser and email credentials.

• Anvilogic Scenario: Malicious Document Delivering Malware
• Anvilogic Use Case: Suspicious Email Attachment