strela | 80c7906a7e228cb7612cb94ef9f25de02c8520a5c7ec983cc117fe5f75c11f1f | Triage

Sharing

General

Target

PDF152551386013601.js
Size

1.1MB
Sample

230721-pgwt7aef39
MD5

2401ec9ab6c8a2c5ebcfdd3542411ad6
SHA1

5f7eb86500f85f53cc1647db6b8571cfc044a115
SHA256

80c7906a7e228cb7612cb94ef9f25de02c8520a5c7ec983cc117fe5f75c11f1f
SHA512

02a2f8eb4640b7f0b67d2689a37fc587c6f2489d0f6a01f80ba632a3f41264a64cc2d05aca6e399d89b6674083f543cb994385c67c8eca030d8748ef01728873
SSDEEP

24576:AACtn8Kmt03FWjMjGsyZWuPFOLqCF/Hp2w8Qr/8Nhctk+gniMKlF7vc39gW:3N

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

91.215.85.209

Targets

- Target
  
  PDF152551386013601.js
- Size
  
  1.1MB
- MD5
  
  2401ec9ab6c8a2c5ebcfdd3542411ad6
- SHA1
  
  5f7eb86500f85f53cc1647db6b8571cfc044a115
- SHA256
  
  80c7906a7e228cb7612cb94ef9f25de02c8520a5c7ec983cc117fe5f75c11f1f
- SHA512
  
  02a2f8eb4640b7f0b67d2689a37fc587c6f2489d0f6a01f80ba632a3f41264a64cc2d05aca6e399d89b6674083f543cb994385c67c8eca030d8748ef01728873
- SSDEEP
  
  24576:AACtn8Kmt03FWjMjGsyZWuPFOLqCF/Hp2w8Qr/8Nhctk+gniMKlF7vc39gW:3N
Score

10^/10

strela stealer
- Strela
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3