strela | 14ff76924ff2f4102e06ba9f9109311e296c3d07bf5fc0cd888c93b69b545394 | Triage

Sharing

General

Target

INVOICE_1877_1553532450.js
Size

5.3MB
Sample

240122-lyck4aeah7
MD5

34bcdbd3855b4a4354f3cd03e608440a
SHA1

6a8bf0531a981e6f567782801c5cfc0ef9f01a91
SHA256

14ff76924ff2f4102e06ba9f9109311e296c3d07bf5fc0cd888c93b69b545394
SHA512

55483251feda3c1ccdff42767458333aa737052d0e2c51ad1be5f1615202d3f2407cd2c3d1ca8d4e151cae3e6ca21e6fde5a4b4e5b7906b91964c9320e6e94a7
SSDEEP

24576:LioNDFYpmVzSyuXqoeJxJNK2Q9bAnWdvgTABkeW+3khCxsOwy2WHM+sJE9qP4e2g:r2map+5wnVBK3UbUt

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

193.109.85.77

Targets

- Target
  
  INVOICE_1877_1553532450.js
- Size
  
  5.3MB
- MD5
  
  34bcdbd3855b4a4354f3cd03e608440a
- SHA1
  
  6a8bf0531a981e6f567782801c5cfc0ef9f01a91
- SHA256
  
  14ff76924ff2f4102e06ba9f9109311e296c3d07bf5fc0cd888c93b69b545394
- SHA512
  
  55483251feda3c1ccdff42767458333aa737052d0e2c51ad1be5f1615202d3f2407cd2c3d1ca8d4e151cae3e6ca21e6fde5a4b4e5b7906b91964c9320e6e94a7
- SSDEEP
  
  24576:LioNDFYpmVzSyuXqoeJxJNK2Q9bAnWdvgTABkeW+3khCxsOwy2WHM+sJE9qP4e2g:r2map+5wnVBK3UbUt
Score

10^/10

strela stealer
- Strela
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2