strela | 2024-07-03_9974a83e61250f86eadea5eca94294b3_bkransomware_floxif_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-03_9974a83e61250f86eadea5eca94294b3_bkransomware_floxif_icedid
Size

2.5MB
MD5

9974a83e61250f86eadea5eca94294b3
SHA1

12e710287934b30e7779b3d5fd335b98b9ebd059
SHA256

4113ec83c3fa978cd22a0cc4c947e66adbd98faa3d54fb8e0ea8960c9f9e7d54
SHA512

0b6a639b43ac00b798a8ede081799291150bd991bf313caa19ffb64895ebaa605ab5ae78fb85e5c838468f7f924b85de17e24b0df5c36b2aa4487073c4e28095
SSDEEP

49152:yL0dIH+mzTfEvmhW328xGaaaJIER7mK5QJ4atqHM5jS0MZeTJi:yodIH+mnfBhWm8xGaAENmK5QJ4ataM5M

Score

10^/10

strela

Malware Config

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
sample	family_strela

Strela family
strela

Files

2024-07-03_9974a83e61250f86eadea5eca94294b3_bkransomware_floxif_icedid
.exe windows:5 windows x86 arch:x86

dec6123c88a2b455f11cf81ab05bd3b1

Code Sign

69:37:56:d7:92:3d:cc:dc:b4:17:fb:ec:3e:b6:be:e9
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/04/2018, 00:00

Not After

21/04/2019, 23:59

Subject

CN=Canon Inc.,OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:bc:0c:f3:9f:08:fb:e8:a8:9a:89:93:69:9e:bb:f4:84:40:a6:8c:d8:7f:99:d4:65:44:3b:5e:c6:59:2a:5b
Signer

Actual PE Digest

10:bc:0c:f3:9f:08:fb:e8:a8:9a:89:93:69:9e:bb:f4:84:40:a6:8c:d8:7f:99:d4:65:44:3b:5e:c6:59:2a:5b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\ScanUtility_Win_18_2H_1.5.0_Build\Source\FrontEnd\Release\ScanUtility.pdb

Imports

sucmlib

ord84
ord83
ord67
ord72
ord9
ord82
ord79
ord80
_NEW_EncryptPassword@4
ord73
_DELETE_EncryptPassword@4
ord76
ord77
ord65
ord70

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

uxtheme

GetThemePartSize
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeParentBackground
DrawThemeText
OpenThemeData
DrawThemeBackground
CloseThemeData
GetThemeSysColor
GetWindowTheme
IsThemeBackgroundPartiallyTransparent

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleBaseNameW

kernel32

VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetACP
GetOEMCP
VirtualAlloc
GetStringTypeW
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
RtlUnwind
EnumSystemLocalesW
SetFilePointerEx
WriteConsoleW
SetEnvironmentVariableA
GetSystemInfo
HeapQueryInformation
GetModuleHandleExW
ExitProcess
ExitThread
GetCPInfo
CreateThread
HeapReAlloc
HeapAlloc
GlobalSize
HeapFree
GlobalLock
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GlobalUnlock
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
FreeLibrary
LoadResource
LoadLibraryW
SizeofResource
GetProcAddress
LockResource
WaitForSingleObject
GetTickCount
Sleep
DeleteFileW
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetWindowsDirectoryW
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
InitializeCriticalSection
GlobalFlags
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetVersionExW
GetCurrentThread
lstrcmpA
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
FormatMessageW
LocalFree
MulDiv
GetCurrentProcessId
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
GetModuleHandleA
FreeResource
CreateDirectoryW
WideCharToMultiByte
CopyFileW
MultiByteToWideChar
GetTempPathW
GetLongPathNameW
MoveFileW
GetShortPathNameW
GetCommandLineW
GetModuleFileNameW
GetCurrentDirectoryW
GetSystemDirectoryW
GetCurrentThreadId
SetLastError
EncodePointer
OutputDebugStringA
LCMapStringW
GetDiskFreeSpaceExW
QueryPerformanceFrequency
GlobalFree
CreateFileW
GlobalAlloc
OpenProcess
GetModuleHandleW
OutputDebugStringW
QueryPerformanceCounter
GetCurrentProcess
LoadLibraryExW
GetTempFileNameW
GetLocaleInfoW
CloseHandle
FindNextFileW
FindClose
FindFirstFileW
ExpandEnvironmentStringsW
RemoveDirectoryW
IsValidLocale

user32

GetWindowRgn
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
LockWindowUpdate
SetParent
SetCursorPos
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
IsZoomed
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
MonitorFromPoint
UpdateLayeredWindow
IsMenu
UnionRect
EmptyClipboard
SetClipboardData
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
LoadImageW
IsRectEmpty
SetRectEmpty
GetNextDlgGroupItem
GetMenuDefaultItem
CreatePopupMenu
CharUpperW
DeleteMenu
SendDlgItemMessageA
CopyImage
RealChildWindowFromPoint
IntersectRect
ShowOwnedPopups
GetMenuItemInfoW
DestroyMenu
TranslateMessage
GetMessageW
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
MapVirtualKeyW
GetKeyNameTextW
RemoveMenu
InsertMenuW
GetMenuState
GetMenuStringW
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
PtInRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
SetMenu
GetMenu
SetFocus
GetDlgItem
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetMessageTime
GetMessagePos
DispatchMessageW
RegisterWindowMessageW
GetSubMenu
LoadMenuW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetDialogBaseUnits
SetForegroundWindow
InvalidateRgn
SetWindowPos
LoadStringW
GetWindowThreadProcessId
GetWindow
DrawIconEx
DrawEdge
ClientToScreen
WindowFromPoint
ShowScrollBar
SetCursor
GetCapture
SetCapture
GetKeyState
GetCursorPos
ReleaseCapture
UpdateWindow
TrackMouseEvent
DrawFocusRect
SystemParametersInfoW
DrawStateW
FrameRect
DrawFrameControl
GetClassNameW
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
SetWindowRgn
ScreenToClient
PostQuitMessage
OffsetRect
SetRect
EnumChildWindows
GetDesktopWindow
EnumWindows
PostMessageW
GetSystemMenu
SetTimer
GetWindowRect
IsIconic
KillTimer
GetFocus
GetParent
DrawIcon
InflateRect
LoadIconW
GetAsyncKeyState
CreateIcon
InvalidateRect
AppendMenuW
PeekMessageW
GetSysColorBrush
GetSystemMetrics
IsWindowVisible
GetDlgCtrlID
DestroyIcon
CopyRect
MapDialogRect
FillRect
LoadCursorW
GetClientRect
GetClassInfoW
GetSysColor
DefWindowProcW
CloseClipboard
RemovePropW
UnregisterClassW
IsClipboardFormatAvailable
SetPropW
GetWindowLongW
GetClipboardData
SetWindowLongW
IsWindow
OpenClipboard
SendMessageW
EnableWindow
GetPropW
CallWindowProcW
DrawTextExW

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
GetTextMetricsW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
FrameRgn
MoveToEx
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
RoundRect
GetObjectW
DeleteObject
SetBrushOrgEx
EndDoc
CreateDIBitmap
StartDocW
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
SelectObject
CreateDCW
StretchBlt
GetDeviceCaps
StartPage
EndPage
CreatePatternBrush
CreateRoundRectRgn
CreateFontIndirectW
GetTextExtentPoint32W
CreatePen
Rectangle
GetDIBits
UnrealizeObject
CreateBitmap
PtInRegion
Arc
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateHatchBrush
SetTextColor
SetBkColor
CombineRgn
CreateRectRgn
CreateSolidBrush
GetStockObject
PlgBlt
SetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
BitBlt

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ord203
ClosePrinter
EnumPrintersW
DocumentPropertiesW
OpenPrinterW
DeviceCapabilitiesW

advapi32

RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegOpenKeyExW

shell32

CommandLineToArgvW
ord43
ExtractIconW
SHCreateShellItem
SHBrowseForFolderW
ord727
SHGetFolderPathW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragFinish
SHAppBarMessage
ord155
ord190
SHFileOperationW
SHChangeNotify
DragQueryFileW
SHOpenFolderAndSelectItems
ShellExecuteW

comctl32

ImageList_Add
ImageList_Replace
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Remove
InitCommonControlsEx
ImageList_DragShowNolock
ImageList_Draw
ImageList_DragEnter
ImageList_DragLeave
ImageList_BeginDrag
ImageList_DragMove
ImageList_EndDrag
ImageList_AddMasked
ImageList_Copy

shlwapi

PathRenameExtensionW
PathFileExistsW
PathSetDlgItemPathW
PathIsUNCW
AssocQueryStringW
PathGetCharTypeW
PathIsDirectoryW
PathAddBackslashW
PathUnquoteSpacesW
PathRemoveArgsW
PathStripToRootW
StrFormatKBSizeW
PathCombineW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathAppendW
PathRemoveExtensionW

ole32

CoDisconnectObject
CoInitialize
CoCreateGuid
OleDuplicateData
CreateStreamOnHGlobal
ReleaseStgMedium
CoCreateInstance
RegisterDragDrop
CoInitializeEx
OleUninitialize
OleInitialize
CoUninitialize
RevokeDragDrop
DoDragDrop
OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdiplusStartup
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromStream
GdipFree
GdiplusShutdown
GdipDrawImageRectI

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmSetConversionStatus
ImmSetOpenStatus
ImmAssociateContext
ImmGetConversionStatus
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dec6123c88a2b455f11cf81ab05bd3b1

Code Sign

69:37:56:d7:92:3d:cc:dc:b4:17:fb:ec:3e:b6:be:e9Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

10:bc:0c:f3:9f:08:fb:e8:a8:9a:89:93:69:9e:bb:f4:84:40:a6:8c:d8:7f:99:d4:65:44:3b:5e:c6:59:2a:5bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sucmlib

setupapi

uxtheme

version

psapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 384KB - Virtual size: 383KB

.data Size: 25KB - Virtual size: 56KB

.rsrc Size: 312KB - Virtual size: 312KB

69:37:56:d7:92:3d:cc:dc:b4:17:fb:ec:3e:b6:be:e9
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

10:bc:0c:f3:9f:08:fb:e8:a8:9a:89:93:69:9e:bb:f4:84:40:a6:8c:d8:7f:99:d4:65:44:3b:5e:c6:59:2a:5b
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 384KB - Virtual size: 383KB

.data
Size: 25KB - Virtual size: 56KB

.rsrc
Size: 312KB - Virtual size: 312KB