strela | 46c6bedc6f4bfdfae1c0ae378ca649c115187c722e7786002b180ced07135a7d | Triage

Sharing

General

Target

quisisana-ag.zip
Size

410KB
Sample

240126-pm2mmaehfr
MD5

73a2d34c3d50d1665590bef3f51c4ecd
SHA1

05d45bd243ce505249372176b0fbcecf5e3e0fce
SHA256

46c6bedc6f4bfdfae1c0ae378ca649c115187c722e7786002b180ced07135a7d
SHA512

07b1464346f1264fc70b2eab30a68e93432349232e7c432b3d0ab08d752604de06609baa9bd4ab272f82a4844abe5776cd03bcdb230ea09ff6ebb979e732bd4f
SSDEEP

12288:HOLy9apM+LoFVTg7UFCF3XaroI5MVtbbs1yV10HQyG:HOpuUUF63YokMXbIs10wB

Score

10^/10

strela stealer

Malware Config

Targets

- Target
  
  28325142147799.js
- Size
  
  959KB
- MD5
  
  e142b6e92af05edd784ecea426ea62ae
- SHA1
  
  4b4a1e8489acef2c4a27dfe4f9de1b2e4a14f86e
- SHA256
  
  4b2fb816282af672a02dd4f13fff81f00f6f3825c7c9329dca4bf934412b8322
- SHA512
  
  a69d6958f60427fcf8e66c41a6b64e9033eb6504aaf05d5be62a849efcf113996dfd14a24d256fab43e53e4694c3a5f19bd3a298052c793f346fe4d04f34cee3
- SSDEEP
  
  12288:H2DjmKxUlG7TcTEeHeauBdjGjNzWpEq0mqRVb86XFXZZSLY72i9TMY6Sms9aFG4M:WZU67qe/p9dtkoH2
Score

10^/10

strela stealer
- Strela
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2