strela | 8ca6dc7fcf25e0e7d4a521d35ec27d08fd5b2832f06f2aa32b52b36b69f47c8c | Triage

Resubmissions

19-02-2024 19:16

240219-xzannsbc6y 10

19-02-2024 19:12

240219-xwla1abb8z 1

06-02-2024 16:53

240206-veee1sbeb4 10

Sharing

General

Target

quisisana-ag.zip
Size

252KB
Sample

240206-veee1sbeb4
MD5

0832e426e9d11f407af8dbd3b386051f
SHA1

52fc963d3e76adcd71017066ef0d911ed6ae545b
SHA256

8ca6dc7fcf25e0e7d4a521d35ec27d08fd5b2832f06f2aa32b52b36b69f47c8c
SHA512

5bcd76d20f5109a4ae4a12b6188eefead31660f92b05374dd25166199a83941dc073d4aded152f8df624cb924d0fc99ff867285427a897803cf7a759326abe8d
SSDEEP

6144:QQC0luYPDDz1Tv5DvKh9ar7wbeNW79ujJuXFJ4:hPNdvKMwbeo7OJcW

Score

10^/10

strela stealer

Malware Config

Targets

- Target
  
  1727822909290912689.js
- Size
  
  647KB
- MD5
  
  9d68a860c54584dd2d52f465160ee6ad
- SHA1
  
  42270d711512467421fd9f15530a70476f383172
- SHA256
  
  cf66b2a95512490b690794f70d6c847aa8047bee3975c1eb46a7a892f74b9cff
- SHA512
  
  352838f21a3664f308327c3e9e7f318d3af3480f0fcf952c2ae9cbd647826baf29274db0545822ff13365271ae2638f3a7b662caf40744b14cf6502abbad0539
- SSDEEP
  
  6144:GYkeuxJrlxHlmMkIKjT5/gId68KpldKlZk7bm0KGm63EYnkkenxf2SeefVZwzqzs:GY7orJGIS/gIl3NGN0YnkR+tfVWE
Score

10^/10

strela stealer
- Strela
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2