Overview

overview

10

Static

static

1

18491242336191.js

windows7-x64

10

18491242336191.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wobaggvm.zip

  • Size

    179KB

  • Sample

    240325-r9d6ysbb64

  • MD5

    4376289760e4c50357fe66aa7a993ee8

  • SHA1

    f6a7c8a5d0b6313da8b53963d6f17b1c6e019b05

  • SHA256

    9bfcd902f51c2898e4e71d87f8a8f00ccb26cc3cb11191767ce21a0e51d1a468

  • SHA512

    14c36e0d2b32f60be1b537e8a1489468d573ac265da4eeef817aa601aa5644571e98409521626445027a65ae6a1abe952eb04ff18d3fff63dec9cef0ed8cc3d4

  • SSDEEP

    3072:8naIChOm6Hk6Q0O/21UM3vJk6Ag2xzdvyU2Q3GhH26ksHaJtL3/:DDQm6Hk6Q0A21UcvPt2xzd12QUzkoo/

Score
10/10
strelastealer

Malware Config

Targets

    • Target

      18491242336191.js

    • Size

      353KB

    • MD5

      00a488ef84d5c94fcc82506405c1fb20

    • SHA1

      660c34be4fc2cfad57705d5a607bedfdf5597e7d

    • SHA256

      9b24c97d6400214ccfdf2ef5bdc89de58bbe54745b7caa03d0ca0f7861c985e1

    • SHA512

      8f9370c6f35c7baaca1e8390843cceaf9a775f799cd44736072b78532a11df239cc64cde336bb033399d37e2f8e4d7aa7f82e21226b2f6b33fb2246db48e6484

    • SSDEEP

      6144:GNP/Va6wVPV7GUIxX1uUcaDG1xo2p/Ws8LPF5Nevr:GNnVaTVPV7GUa1/cQG1x5p/zeevr

    Score
    10/10
    strelastealer

    • Strela

      An info stealer targeting mail credentials first seen in late 2022.

      stealerstrela

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks