strela | f4cd2b75e7cfb7f05d2f618875e67ec695ebc01e40c6469579b25cf5bbc2acf1

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 08:23

Target

f4cd2b75e7cfb7f05d2f618875e67ec695ebc01e40c6469579b25cf5bbc2acf1.dll
Size

328KB
MD5

1174cc31ae39231bd22fc9795f12e676
SHA1

16bb3e9ecb7c7a6e1b5d15e5a89e2aa8afe60a26
SHA256

f4cd2b75e7cfb7f05d2f618875e67ec695ebc01e40c6469579b25cf5bbc2acf1
SHA512

c2bb2c451e0a8aae2cf279145a40590e230c3c8fbc91b8fa51ea34075f4728d01d0e7030307a1e61cbdce7ad346c8e2a8074c5f109977cd0bb5393d1b66e49c1
SSDEEP

6144:brCSOobIu0jGjcj0aTlHolTt24Hq3F6oCsYn9xo2+phSQSc:brCtj860aqlTt24HARYvvwhSPc

Score

10^/10

strela stealer

Family

strela

45.9.74.13

Attributes

url_path
/server.php
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537

Detects Strela Stealer payload 2 IoCs

resource	yara_rule
behavioral2/memory/2096-0-0x00007FFEFC5B0000-0x00007FFEFC60B000-memory.dmp	family_strela
behavioral2/memory/2096-1-0x00000000058F0000-0x0000000005912000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f4cd2b75e7cfb7f05d2f618875e67ec695ebc01e40c6469579b25cf5bbc2acf1.dll
1⤵
PID:2096

memory/2096-0-0x00007FFEFC5B0000-0x00007FFEFC60B000-memory.dmp

Filesize
364KB

Download
memory/2096-1-0x00000000058F0000-0x0000000005912000-memory.dmp

Filesize
136KB

Download