strela | 0da605b8914432c0556d1095b2697bdaa67fbab40fe3d6523f067de31c0aa357 | Triage

Sharing

General

Target

malicious.js
Size

4.8MB
Sample

231103-kthqwaha36
MD5

84d76605821aad3c7b52312b57f6ff23
SHA1

603b6f4d2f8bc9b5a32443e85f329943f29792da
SHA256

0da605b8914432c0556d1095b2697bdaa67fbab40fe3d6523f067de31c0aa357
SHA512

53664063b3e70caf1175aba4fb0c16685d195cd68e773936caacc9cfad5b7fabd4d0a49faf2086748e56afb0ea0876d9b0b289454352f5fb7a09f5790e8d2fd8
SSDEEP

24576:nFLfCxY1+k2hdY88i5Wf+gDWJ6UDNsYz1Yc4K6Mts3MxW9wpKOhmpn/enJxbGftR:Fni5WWpuQ356LcxWz46osTxSUbUQ

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Targets

- Target
  
  malicious.js
- Size
  
  4.8MB
- MD5
  
  84d76605821aad3c7b52312b57f6ff23
- SHA1
  
  603b6f4d2f8bc9b5a32443e85f329943f29792da
- SHA256
  
  0da605b8914432c0556d1095b2697bdaa67fbab40fe3d6523f067de31c0aa357
- SHA512
  
  53664063b3e70caf1175aba4fb0c16685d195cd68e773936caacc9cfad5b7fabd4d0a49faf2086748e56afb0ea0876d9b0b289454352f5fb7a09f5790e8d2fd8
- SSDEEP
  
  24576:nFLfCxY1+k2hdY88i5Wf+gDWJ6UDNsYz1Yc4K6Mts3MxW9wpKOhmpn/enJxbGftR:Fni5WWpuQ356LcxWz46osTxSUbUQ
Score

10^/10

strela stealer
- Strela
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2