Overview

overview

10

Static

static

1

204101633414270.js

windows7-x64

10

204101633414270.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    204101633414270.js

  • Size

    4MB

  • Sample

    230905-h27c4adh4s

  • MD5

    6086fc77346086cd6a1cb9ac78045caa

  • SHA1

    b2673c323390d38345095b5bfd3dc3f4f773bbf5

  • SHA256

    f114de58d079600d41677375080a2abbef8a46d04eb84a0941c91b64192c6179

  • SHA512

    bf169f17cfa5317d9dde20bb430dffc9ba507b18879654ff2d1541564e368249b38254940ac56d66aee35c8a0ee724380a6419e7b0114395ae4438046849aa04

  • SSDEEP

    49152:sxu8oYjz0TVhgZuTrj2wTjR/JLQ4yJojqUbUz:Ici

Score
10/10
strelastealer

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Targets

    • Target

      204101633414270.js

    • Size

      4MB

    • MD5

      6086fc77346086cd6a1cb9ac78045caa

    • SHA1

      b2673c323390d38345095b5bfd3dc3f4f773bbf5

    • SHA256

      f114de58d079600d41677375080a2abbef8a46d04eb84a0941c91b64192c6179

    • SHA512

      bf169f17cfa5317d9dde20bb430dffc9ba507b18879654ff2d1541564e368249b38254940ac56d66aee35c8a0ee724380a6419e7b0114395ae4438046849aa04

    • SSDEEP

      49152:sxu8oYjz0TVhgZuTrj2wTjR/JLQ4yJojqUbUz:Ici

    Score
    10/10
    strelastealer

    • Strela

      An info stealer targeting mail credentials first seen in late 2022.

      stealerstrela

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks