Overview

overview

10

Static

static

1

Strela.js

windows7-x64

10

Strela.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Strela.js

  • Size

    3MB

  • Sample

    230905-p8ae9sff86

  • MD5

    2c87dd2b3fc3d243a06bf947f4c7d7ac

  • SHA1

    be2acdaee1128946a1eec5a449f8ed6f21e06759

  • SHA256

    506a0f63c640aa0702a286847553b02d9cda218ffb2ff1f38bc017247c49fcba

  • SHA512

    ae6daf7009ffdf429975cbeb9b4f539048ec9bad7e6184eeeeb39ee9ff04676f44df63a277515adb99b6a613f28f1f9a65e5390991f7f01b5adfaacfc1dc4b77

  • SSDEEP

    24576:miLxXraB4Ze8MYp39KlgOS+j2SrM+2RpgGsIh0GYDDRV2GbnFEcmNIMHTXkE/71K:TLJne0zSzd2aU4Gl0lSXkEDblUbUW

Score
10/10
strelastealer

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Targets

    • Target

      Strela.js

    • Size

      3MB

    • MD5

      2c87dd2b3fc3d243a06bf947f4c7d7ac

    • SHA1

      be2acdaee1128946a1eec5a449f8ed6f21e06759

    • SHA256

      506a0f63c640aa0702a286847553b02d9cda218ffb2ff1f38bc017247c49fcba

    • SHA512

      ae6daf7009ffdf429975cbeb9b4f539048ec9bad7e6184eeeeb39ee9ff04676f44df63a277515adb99b6a613f28f1f9a65e5390991f7f01b5adfaacfc1dc4b77

    • SSDEEP

      24576:miLxXraB4Ze8MYp39KlgOS+j2SrM+2RpgGsIh0GYDDRV2GbnFEcmNIMHTXkE/71K:TLJne0zSzd2aU4Gl0lSXkEDblUbUW

    Score
    10/10
    strelastealer

    • Strela

      An info stealer targeting mail credentials first seen in late 2022.

      stealerstrela

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks