General

  • Target

    doc4288272203632.js

  • Size

    1.4MB

  • Sample

    231203-t1y6wada42

  • MD5

    7f21beb70a3e4133bfeb07367d7cec6b

  • SHA1

    115b32b360e27ddfe16a5d7798353575a6d2bae8

  • SHA256

    261b8ff03bf15861e21b75f149c7b7ff18a2abaf4e12f771e07b945830d9c776

  • SHA512

    dcc802a3387483b0ee3c9c2d3b40009d6fb30fd08e9ff8cfd0c4146dd857802f0fb7904b8a3bcad6ca3e98ddf9b7046a41beaac8a49384bb4ca70eb394f51db0

  • SSDEEP

    24576:5UbIIcX6tP74u+Jt2AVBTgwSSfQFmYzlqx:+ItwMcDji

Score
10/10

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Targets

    Score
    10/10

    • Strela

      An info stealer targeting mail credentials first seen in late 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks