General

  • Target

    FACTURA_247504372.js

  • Size

    5.0MB

  • Sample

    231024-gksmyacg82

  • MD5

    d3d89cf3d4dae6ff105f07470cd58443

  • SHA1

    c4a718375f63dbe45d3f06bfd1095453c0617197

  • SHA256

    5353e1fea5f6e39ddab07c7467f61b0b61503de99d5a2e862beaf56f0e8bd8cb

  • SHA512

    f73c0ca1f6a92872d6498be5425f5003b79868ae203cdc964680d7feb5b7d819120e933c13a3901415dc1a8506076b2660e1a917c44be60cf06c2a9e26f8bd4e

  • SSDEEP

    49152:GdsNz0C7iAI9mSYxQh0h8Nfv6tn3NUbUp:lc0

Score
10/10

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Targets

    • Target

      FACTURA_247504372.js

    • Strela

      An info stealer targeting mail credentials, first seen in late 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15