strela | efeacce1ff64045b4b4f04b54150ef2ed991c0850bc22b6220fc37b69eb3f1e7 | Triage

Sharing

General

Target

07045399.js
Size

983KB
Sample

230615-pxkf4agh56
MD5

9f4af81cf00fb1da6fdbf126695901a2
SHA1

4a8a5b7bd98cfda95ad7e812efbcd821118e1a7d
SHA256

efeacce1ff64045b4b4f04b54150ef2ed991c0850bc22b6220fc37b69eb3f1e7
SHA512

becec29f8aeb0b88c2a874514cfc1bdd410f4a24cd926c82599a258d974c238e8e67c13c56a29b613851cba34a32beb2882b1bf86230b0224ba71aeedd6882a0
SSDEEP

6144:/SEXpiYT5y2UKO8PRH/unwH0I5VAQ9xsvwV11/7lCzOM0G2dg8pW88s0w1K4t8mj:/qVnwUExjjt+2T8s0w1ny/GCDR3CYwXn

Score

10^/10

strela spyware stealer

Malware Config

Extracted

Family

strela

C2

91.215.85.209

Targets

- Target
  
  07045399.js
- Size
  
  983KB
- MD5
  
  9f4af81cf00fb1da6fdbf126695901a2
- SHA1
  
  4a8a5b7bd98cfda95ad7e812efbcd821118e1a7d
- SHA256
  
  efeacce1ff64045b4b4f04b54150ef2ed991c0850bc22b6220fc37b69eb3f1e7
- SHA512
  
  becec29f8aeb0b88c2a874514cfc1bdd410f4a24cd926c82599a258d974c238e8e67c13c56a29b613851cba34a32beb2882b1bf86230b0224ba71aeedd6882a0
- SSDEEP
  
  6144:/SEXpiYT5y2UKO8PRH/unwH0I5VAQ9xsvwV11/7lCzOM0G2dg8pW88s0w1K4t8mj:/qVnwUExjjt+2T8s0w1ny/GCDR3CYwXn
Score

10^/10

strela spyware stealer
- Strela
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strelaspywarestealer

behavioral2

strelaspywarestealer