Threat Watch

Microsoft Warns of STRRAT Mimicking Ransomware

As originally reported by TheRecord, Microsoft analysts are warning of a recent resurgence of the Java-based backdoor STRRAT.  This backdoor was distributed over malspam containing malicious PDF attachments.  STRRAT, written in Java, is a typical credential stealer with the addition of a custom shell/PowerShell command execution.  Additionally, the rat allows attackers to install RDWrap, an open source RDP session tool.  The RAT also renames file extensions on the system to “.crimson” however it doesn’t encrypt the files.  Renaming the files fixes the change.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As this RAT is spread over PDF attachments in malspam, Binary Defense recommends avoid opening attachments from email addresses that they don’t trust. Additionally, Binary Defense recommends employing a 24/7 SOC monitoring solution, such as Binary Defense’s own Security Operations Task Force.

https://therecord.media/microsoft-warns-of-malware-campaign-spreading-a-rat-masquerading-as-ransomware/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support