Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2023, 08:53

General

  • Target

    NEAS.4bbad95e2f2c9909bcfa2e200eb24880.dll

  • Size

    3.2MB

  • MD5

    4bbad95e2f2c9909bcfa2e200eb24880

  • SHA1

    dd2560c44209f33ca2dcb3217c5b45fcff2b080d

  • SHA256

    c5fa4a93c234ee1d6116ccf43c19f7e432713efa45996ff116c40efe2eed55f7

  • SHA512

    97bceec1a695d225dd05922801f054b8a541fb7cecd64ac3ba6ed1b54103278f1a64e6f887160c8b56907dcff76eb29ef6cc129c05f09237bf36207f70afa764

  • SSDEEP

    24576:2qLG1vn88MzZqLtAgc4ptxs4wNqeIFcn8AtF7IY9FBi1EHQqD0rqw1Iw5dGgAFcl:2J1c1XN3DYp5zVhH

Score
10/10

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Signatures

  • Strela

    An info stealer targeting mail credentials first seen in late 2022.

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.4bbad95e2f2c9909bcfa2e200eb24880.dll
      PID:2516

    Downloads

    • memory/2516-0-0x00000000002D0000-0x00000000002F1000-memory.dmp

      Filesize

      132KB

    • memory/2516-1-0x000000006D7C0000-0x000000006DAEF000-memory.dmp

      Filesize

      3.2MB

    • memory/2516-2-0x00000000002D0000-0x00000000002F1000-memory.dmp

      Filesize

      132KB