strela | 35d7dcb077ba2ca528f596b1680ffe10a3ca6c54ad5233874635493006f006f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PALSTRING825198304jsjsjsj.js
Size

988KB
Sample

230709-j71m6sbd83
MD5

96f13024eab757f2e03a0658ebb9614e
SHA1

4ab6f43a25e8b034a6827a1460acee5d71eb87e0
SHA256

35d7dcb077ba2ca528f596b1680ffe10a3ca6c54ad5233874635493006f006f2
SHA512

cd6435f1489f7733634fa170d047cba2a6510a428946def183f6828946f1465a2cb751259fde9f951f2d6efe3cce361c4fd696f2b1fc30f073375d53920452b3
SSDEEP

6144:bK9I7uy4oFr+zYpsA8GXqCX3H6dQorer1WXZWofjftqZhp1npUFKj+ExK31Oq5Gu:BmIz1W7TtqZ31npUq+f3NACY6wk

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

91.215.85.209

Targets

- Target
  
  PALSTRING825198304jsjsjsj.js
- Size
  
  988KB
- MD5
  
  96f13024eab757f2e03a0658ebb9614e
- SHA1
  
  4ab6f43a25e8b034a6827a1460acee5d71eb87e0
- SHA256
  
  35d7dcb077ba2ca528f596b1680ffe10a3ca6c54ad5233874635493006f006f2
- SHA512
  
  cd6435f1489f7733634fa170d047cba2a6510a428946def183f6828946f1465a2cb751259fde9f951f2d6efe3cce361c4fd696f2b1fc30f073375d53920452b3
- SSDEEP
  
  6144:bK9I7uy4oFr+zYpsA8GXqCX3H6dQorer1WXZWofjftqZhp1npUFKj+ExK31Oq5Gu:BmIz1W7TtqZ31npUq+f3NACY6wk
Score

10^/10

strela stealer
- Strela
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2