General

  • Target

    bad.js

  • Size

    4.2MB

  • Sample

    240108-l9gzysgeh8

  • MD5

    3b05e95405fd6acacd2489acd550113a

  • SHA1

    666807d42d6f0b169066cb896edd104247bf38d5

  • SHA256

    6b759d51bd3cf8bb1f725d1adf40636e7d0026632f4bcc8322f90e60fb2fe26c

  • SHA512

    db02925fdd20060c0536cb87b65b34d5e668727819f5a18c69a6249e9fd7a0483cb6343e9f3b611018c5cdf61471b233c05009553540b9d99cbc6725bf60a409

  • SSDEEP

    24576:fBy06LEkvKiM5b/qADPRfGE1y8dKgSuDbrzXnkZu0Dk0MY/4CPk0b/ERMeLGqUb+:JmYZsDZuSMUETUbUJ

Score
10/10

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Targets

    • Target

      bad.js

    Score
    10/10
    • Strela

      An info stealer targeting mail credentials first seen in late 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks