strela | 32d14ea85053943fb0d99b86ebad7a974d6afc460dfaeb57afa90a974f18da99 | Triage

Sharing

General

Target

document3044011243.js
Size

976KB
Sample

230718-lt5fbahd79
MD5

c7a0d6962c3a798b4d6603a41e9a8647
SHA1

7ab2a4088f1a66b33a7b02f40d255427e319afbc
SHA256

32d14ea85053943fb0d99b86ebad7a974d6afc460dfaeb57afa90a974f18da99
SHA512

5f59c33b9c765dc3cc874693b4598fd23a11d3d39501cf452810e71416d5164914bbfd63b95e9d556ecb317783d383b373518d367f2702ee16461c30717225b6
SSDEEP

12288:fwERJLB3YMdX3uMYmlRdex/TSJaSGVobPb2NCYxY8:NV9nuM+AJaSaobPKB

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

91.215.85.209

Targets

- Target
  
  document3044011243.js
- Size
  
  976KB
- MD5
  
  c7a0d6962c3a798b4d6603a41e9a8647
- SHA1
  
  7ab2a4088f1a66b33a7b02f40d255427e319afbc
- SHA256
  
  32d14ea85053943fb0d99b86ebad7a974d6afc460dfaeb57afa90a974f18da99
- SHA512
  
  5f59c33b9c765dc3cc874693b4598fd23a11d3d39501cf452810e71416d5164914bbfd63b95e9d556ecb317783d383b373518d367f2702ee16461c30717225b6
- SSDEEP
  
  12288:fwERJLB3YMdX3uMYmlRdex/TSJaSGVobPb2NCYxY8:NV9nuM+AJaSaobPKB
Score

10^/10

strela stealer
- Strela
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2