Malware Analysis Report

2025-01-18 09:29

Sample ID 240407-adb82sff75
Target a768c52fc1786e5965e01bb7fe6780f4670425943eac9e48455f672c1b9d81e1
SHA256 a768c52fc1786e5965e01bb7fe6780f4670425943eac9e48455f672c1b9d81e1
Tags: strela stealer
Score: 10/10

Analysis Overview

Score: 10/10

SHA256

a768c52fc1786e5965e01bb7fe6780f4670425943eac9e48455f672c1b9d81e1

Threat Level: Known bad

The file a768c52fc1786e5965e01bb7fe6780f4670425943eac9e48455f672c1b9d81e1 was found to be: Known bad.

Malicious Activity Summary

strela stealer

Strela stealer

Detects Strela Stealer payload

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-07 00:05

Signatures

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 00:05

Reported

2024-04-07 00:07

Platform

win7-20240221-en

Max time kernel

122s

Max time network

126s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a768c52fc1786e5965e01bb7fe6780f4670425943eac9e48455f672c1b9d81e1.dll

Signatures

Detects Strela Stealer payload

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A
N/A           N/A         N/A       N/A

Strela stealer

stealer strela

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a768c52fc1786e5965e01bb7fe6780f4670425943eac9e48455f672c1b9d81e1.dll

Network

N/A

Files

memory/1704-1-0x000007FEF78A0000-0x000007FEF78DD000-memory.dmp

memory/1704-0-0x0000000000200000-0x0000000000222000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 00:05

Reported

2024-04-07 00:07

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a768c52fc1786e5965e01bb7fe6780f4670425943eac9e48455f672c1b9d81e1.dll

Signatures

Detects Strela Stealer payload

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A
N/A           N/A         N/A       N/A

Strela stealer

stealer strela

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a768c52fc1786e5965e01bb7fe6780f4670425943eac9e48455f672c1b9d81e1.dll

Network

Country   Destination   Domain                            Proto
US        8.8.8.8:53    28.118.140.52.in-addr.arpa        udp
US        8.8.8.8:53    145.83.221.88.in-addr.arpa        udp
US        8.8.8.8:53    64.159.190.20.in-addr.arpa        udp
US        8.8.8.8:53    150.1.37.23.in-addr.arpa          udp
US        8.8.8.8:53    79.121.231.20.in-addr.arpa        udp
US        8.8.8.8:53    157.123.68.40.in-addr.arpa        udp
US        8.8.8.8:53    18.31.95.13.in-addr.arpa          udp
US        8.8.8.8:53    172.210.232.199.in-addr.arpa      udp
US        8.8.8.8:53    105.83.221.88.in-addr.arpa        udp
US        8.8.8.8:53    30.243.111.52.in-addr.arpa        udp
US        8.8.8.8:53                                      udp

Files

memory/4492-0-0x00007FF9DC240000-0x00007FF9DC27D000-memory.dmp

memory/4492-1-0x0000000002E10000-0x0000000002E32000-memory.dmp

memory/4492-2-0x0000000002E10000-0x0000000002E32000-memory.dmp