strela | 4170ba635a24ada6c8de5430a1ad9f2f1414db4ae44a548de1e8099d1228dde1 | Triage

Resubmissions

05-07-2023 12:34

230705-prx51adg7t 10

05-07-2023 12:31

230705-pp777acc35 10

Sharing

General

Target

4170ba635a24ada6c8de5430a1ad9f2f1414db4ae44a548de1e8099d1228dde1
Size

174KB
Sample

230705-pp777acc35
MD5

5379e5de81f01fd0038ac76d2fb989c8
SHA1

d7c11ede07128acfbb4f3e1485aa6873d90942fe
SHA256

4170ba635a24ada6c8de5430a1ad9f2f1414db4ae44a548de1e8099d1228dde1
SHA512

51dc9d4682d64e54fe7507c971b4b125a41f8eab30b55360191e8fca97ffc0cdec3e7fc34b77e0916b622e5fc45c2991528b41935e8b11d392f80e0dca56d324
SSDEEP

3072:z7Yk9j0btDL01h1l/tMAyrbP+yPJSDJlL4j7KHN:HL2du/VyP4DJl0jGHN

Score

10^/10

strela spyware stealer

Malware Config

Extracted

Family

strela

C2

91.215.85.209

Targets

- Target
  
  4170ba635a24ada6c8de5430a1ad9f2f1414db4ae44a548de1e8099d1228dde1
- Size
  
  174KB
- MD5
  
  5379e5de81f01fd0038ac76d2fb989c8
- SHA1
  
  d7c11ede07128acfbb4f3e1485aa6873d90942fe
- SHA256
  
  4170ba635a24ada6c8de5430a1ad9f2f1414db4ae44a548de1e8099d1228dde1
- SHA512
  
  51dc9d4682d64e54fe7507c971b4b125a41f8eab30b55360191e8fca97ffc0cdec3e7fc34b77e0916b622e5fc45c2991528b41935e8b11d392f80e0dca56d324
- SSDEEP
  
  3072:z7Yk9j0btDL01h1l/tMAyrbP+yPJSDJlL4j7KHN:HL2du/VyP4DJl0jGHN
Score

10^/10

strela spyware stealer
- Strela
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Blocklisted process makes network request
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

strelaspywarestealer

behavioral2

strelaspywarestealer