General

  • Target

    3js.js

  • Size

    4.2MB

  • Sample

    240109-xl4plahgc5

  • MD5

    f775c9021104377f50b35c575b9297a8

  • SHA1

    bcc02efb0ef345677c161030d2bbb6d7a6b0f118

  • SHA256

    a604d0cf8041c9e156f74c90d4abf53f28b695ab03d6b5dfb034a6c833fced1b

  • SHA512

    1879ccba16e67c89c735b67249999afee25407262ff4d3f96240a45e8401ef09b1fef71a450331fa808ab5b1f9007d1f0bec2fc810897c5788ccd5e64216a1eb

  • SSDEEP

    24576:iBL/aX6WpQlCuQSAFLrjHTExzK6fEGBRRQs1IJVK1HafYbqxkcdRGb4OOvGSe0OU:lhPYUt5N0XWjV+fm6OXYUbU0

Score
10/10

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Targets

    • Target

      3js.js

    • Size

      4.2MB

    • MD5

      f775c9021104377f50b35c575b9297a8

    • SHA1

      bcc02efb0ef345677c161030d2bbb6d7a6b0f118

    • SHA256

      a604d0cf8041c9e156f74c90d4abf53f28b695ab03d6b5dfb034a6c833fced1b

    • SHA512

      1879ccba16e67c89c735b67249999afee25407262ff4d3f96240a45e8401ef09b1fef71a450331fa808ab5b1f9007d1f0bec2fc810897c5788ccd5e64216a1eb

    • SSDEEP

      24576:iBL/aX6WpQlCuQSAFLrjHTExzK6fEGBRRQs1IJVK1HafYbqxkcdRGb4OOvGSe0OU:lhPYUt5N0XWjV+fm6OXYUbU0

    Score
    10/10

    • Strela

      An info stealer targeting mail credentials first seen in late 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks