Overview

overview

10

Static

static

1

dasjihejcg...hp.bat

windows7-x64

10

dasjihejcg...hp.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2023, 12:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dasjihejcghivsccuxzjlgydmyiujyybajpdkfvyotqelwyihp.bat

  • Size

    1.1MB

  • MD5

    2401ec9ab6c8a2c5ebcfdd3542411ad6

  • SHA1

    5f7eb86500f85f53cc1647db6b8571cfc044a115

  • SHA256

    80c7906a7e228cb7612cb94ef9f25de02c8520a5c7ec983cc117fe5f75c11f1f

  • SHA512

    02a2f8eb4640b7f0b67d2689a37fc587c6f2489d0f6a01f80ba632a3f41264a64cc2d05aca6e399d89b6674083f543cb994385c67c8eca030d8748ef01728873

  • SSDEEP

    24576:AACtn8Kmt03FWjMjGsyZWuPFOLqCF/Hp2w8Qr/8Nhctk+gniMKlF7vc39gW:3N

Score
10/10
strelastealer

Malware Config

Extracted

Family

strela

C2

91.215.85.209

Signatures

  • Strela

    An info stealer targeting mail credentials first seen in late 2022.

    stealerstrela
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\dasjihejcghivsccuxzjlgydmyiujyybajpdkfvyotqelwyihp.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Windows\system32\findstr.exe
      findstr /V nstmepzyyvvpdvehydgghripesbrbamwixbxvicbkuwlsiceby "C:\Users\Admin\AppData\Local\Temp\dasjihejcghivsccuxzjlgydmyiujyybajpdkfvyotqelwyihp.bat"
      2⤵
        PID:2144
      • C:\Windows\system32\certutil.exe
        certutil -f -decode mspylzvhrjafeijdzzeocqdyfpshrzaqwainvoxzdoofedkvpr bmjblukalwjdjppvzhlrwyccchwlwkbxcrouzdyeklwzsqzbbz.dll
        2⤵
          PID:2192
        • C:\Windows\system32\rundll32.exe
          rundll32 bmjblukalwjdjppvzhlrwyccchwlwkbxcrouzdyeklwzsqzbbz.dll,x
          2⤵
          • Loads dropped DLL
          PID:3068

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\bmjblukalwjdjppvzhlrwyccchwlwkbxcrouzdyeklwzsqzbbz.dll
        Filesize

        820KB

        MD5

        88fc768f1e1c86650a267c4c54c14607

        SHA1

        627be98bb24119e11572d0746b31be03b72d1bff

        SHA256

        0ab2b87d8f6e4931d9ffadd9d61e3a5c62b121687e3a8ca9a9b248360bbeaad8

        SHA512

        78c896fcbb47ef84aab62a565ef0d147e68df6d0e3fccceb391d7770167dc51cbcb79ec097e546b740a64d552ba5697cc1ea2c8d5d3abe9b4a5f4ac81312ceee

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\mspylzvhrjafeijdzzeocqdyfpshrzaqwainvoxzdoofedkvpr
        Filesize

        1.1MB

        MD5

        b9970d0652e0ae78de4def9c6bcd3f69

        SHA1

        1c305f1db905de98dc67718700e8e63c3ec704da

        SHA256

        ff7bb09f545ca7a8f470275c6c4314d9cac95a6ca46ef42276dfef0be6213811

        SHA512

        2a77eb5d4bc88949df1d607c04e0c7e9f64b059d3090e82fd7c5c9d9aded4336b3c4450fd8465aa6ad2c20b53826b15aa40cfbccb8e6556d6c241fdc6ed08212

        Download Submit

      • \Users\Admin\AppData\Local\Temp\bmjblukalwjdjppvzhlrwyccchwlwkbxcrouzdyeklwzsqzbbz.dll
        Filesize

        820KB

        MD5

        88fc768f1e1c86650a267c4c54c14607

        SHA1

        627be98bb24119e11572d0746b31be03b72d1bff

        SHA256

        0ab2b87d8f6e4931d9ffadd9d61e3a5c62b121687e3a8ca9a9b248360bbeaad8

        SHA512

        78c896fcbb47ef84aab62a565ef0d147e68df6d0e3fccceb391d7770167dc51cbcb79ec097e546b740a64d552ba5697cc1ea2c8d5d3abe9b4a5f4ac81312ceee

        Download Submit

      • \Users\Admin\AppData\Local\Temp\bmjblukalwjdjppvzhlrwyccchwlwkbxcrouzdyeklwzsqzbbz.dll
        Filesize

        820KB

        MD5

        88fc768f1e1c86650a267c4c54c14607

        SHA1

        627be98bb24119e11572d0746b31be03b72d1bff

        SHA256

        0ab2b87d8f6e4931d9ffadd9d61e3a5c62b121687e3a8ca9a9b248360bbeaad8

        SHA512

        78c896fcbb47ef84aab62a565ef0d147e68df6d0e3fccceb391d7770167dc51cbcb79ec097e546b740a64d552ba5697cc1ea2c8d5d3abe9b4a5f4ac81312ceee

        Download Submit

      • \Users\Admin\AppData\Local\Temp\bmjblukalwjdjppvzhlrwyccchwlwkbxcrouzdyeklwzsqzbbz.dll
        Filesize

        820KB

        MD5

        88fc768f1e1c86650a267c4c54c14607

        SHA1

        627be98bb24119e11572d0746b31be03b72d1bff

        SHA256

        0ab2b87d8f6e4931d9ffadd9d61e3a5c62b121687e3a8ca9a9b248360bbeaad8

        SHA512

        78c896fcbb47ef84aab62a565ef0d147e68df6d0e3fccceb391d7770167dc51cbcb79ec097e546b740a64d552ba5697cc1ea2c8d5d3abe9b4a5f4ac81312ceee

        Download Submit

      • \Users\Admin\AppData\Local\Temp\bmjblukalwjdjppvzhlrwyccchwlwkbxcrouzdyeklwzsqzbbz.dll
        Filesize

        820KB

        MD5

        88fc768f1e1c86650a267c4c54c14607

        SHA1

        627be98bb24119e11572d0746b31be03b72d1bff

        SHA256

        0ab2b87d8f6e4931d9ffadd9d61e3a5c62b121687e3a8ca9a9b248360bbeaad8

        SHA512

        78c896fcbb47ef84aab62a565ef0d147e68df6d0e3fccceb391d7770167dc51cbcb79ec097e546b740a64d552ba5697cc1ea2c8d5d3abe9b4a5f4ac81312ceee

        Download Submit

      • memory/3068-61-0x0000000000290000-0x00000000002B1000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3068-62-0x000000006D7C0000-0x000000006D895000-memory.dmp

        Filesize

        852KB

        Download