Overview

overview

10

Static

static

1

sample_JC.js

windows7-x64

10

sample_JC.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample_JC.js

  • Size

    3MB

  • Sample

    230906-x2me9abb9z

  • MD5

    f3b0e72e66e1324a2ab94285f069501a

  • SHA1

    d96cb05ee0d622d3cab1c163bddc5e1d8e5280d2

  • SHA256

    7c796e8277fa41ad68ee1a5bed21591ddac49195de6285b628e9d6265ecde2ca

  • SHA512

    9c2847a3f9bda12f75afbb4c46cbd8c00177f290722ffe83f819fea9802d6d896c719f0910ca1eb4192a09c786d3134f504e54a93df9bb77b9d82f899b9db197

  • SSDEEP

    49152:KHEsW6XqiNJhdW2QwkV++sNUrw2CatUbUt:vcC

Score
10/10
strelastealer

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Targets

    • Target

      sample_JC.js

    • Size

      3MB

    • MD5

      f3b0e72e66e1324a2ab94285f069501a

    • SHA1

      d96cb05ee0d622d3cab1c163bddc5e1d8e5280d2

    • SHA256

      7c796e8277fa41ad68ee1a5bed21591ddac49195de6285b628e9d6265ecde2ca

    • SHA512

      9c2847a3f9bda12f75afbb4c46cbd8c00177f290722ffe83f819fea9802d6d896c719f0910ca1eb4192a09c786d3134f504e54a93df9bb77b9d82f899b9db197

    • SSDEEP

      49152:KHEsW6XqiNJhdW2QwkV++sNUrw2CatUbUt:vcC

    Score
    10/10
    strelastealer

    • Strela

      An info stealer targeting mail credentials first seen in late 2022.

      stealerstrela

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks