strela | dbe8ea838881dbfc98b400c82aafc35b205af24418c5d058679a26aac6d0db97 | Triage

Sharing

General

Target

245801581727854.js
Size

73.9MB
Sample

230717-jd7jmabd5x
MD5

84798e626d4c24263f37aefbce22b2dd
SHA1

1cb20a4b34897071da215ccc6fd0f26d1126f7b8
SHA256

dbe8ea838881dbfc98b400c82aafc35b205af24418c5d058679a26aac6d0db97
SHA512

d6ac0b6e0af996db620efec4b2e3e8878b1d81f463ebff81babc2b50b516497c2c5c45a9caf6f982c1e25adfcf0284e7d7c01e93cba91c500ed5890cb1ad5a68
SSDEEP

24576:2HhxCJABAMp1LFR1TAH3boV7f9LAjBMyYxn0PAehUrVAY:at0RU5

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

91.215.85.209

Targets

- Target
  
  245801581727854.js
- Size
  
  73.9MB
- MD5
  
  84798e626d4c24263f37aefbce22b2dd
- SHA1
  
  1cb20a4b34897071da215ccc6fd0f26d1126f7b8
- SHA256
  
  dbe8ea838881dbfc98b400c82aafc35b205af24418c5d058679a26aac6d0db97
- SHA512
  
  d6ac0b6e0af996db620efec4b2e3e8878b1d81f463ebff81babc2b50b516497c2c5c45a9caf6f982c1e25adfcf0284e7d7c01e93cba91c500ed5890cb1ad5a68
- SSDEEP
  
  24576:2HhxCJABAMp1LFR1TAH3boV7f9LAjBMyYxn0PAehUrVAY:at0RU5
Score

10^/10

strela stealer
- Strela
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3