strela | 016f87ea7f834aa2876d1c5179f3f212a0ed1573c2694ece91d6a652ff8a75a0 | Triage

Analysis

max time kernel
93s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 08:34

Sharing

Report Analysis Logs

General

Target

1507.dll
Size

124KB
MD5

ab3b78bd0208c6f9163061a8b70f0f2b
SHA1

be6817bd48a1f9993f923ea3fef5ae5df99bfe41
SHA256

64537fd77032e01238c038a709b65d93946051f03b63e6b39102c6a1afa443c1
SHA512

a97e899c670f840b8964301d1d7805190097a9f7c98c12ebdeb2258da3cf8f2b0ee13980f934efdd950f3cc15b6a5f97f06efb8b74770cd4fb03b862f1b8c0ae
SSDEEP

3072:7lqbzqmw0Qq2GSGvbrN0s/ZvdiO3Liwh:7oA09fbZd/ZvI2mwh

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

45.9.74.32

Attributes

url_path
/out.php
user_agent
Mozilla/4.0 (compatible)

Signatures

Detects Strela Stealer payload 2 IoCs

resource	yara_rule
behavioral16/memory/964-0-0x000001E106EB0000-0x000001E106ED2000-memory.dmp	family_strela
behavioral16/memory/964-1-0x000001E106EB0000-0x000001E106ED2000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1507.dll,#1
1⤵
PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-0-0x000001E106EB0000-0x000001E106ED2000-memory.dmp

Filesize
136KB

Download
memory/964-1-0x000001E106EB0000-0x000001E106ED2000-memory.dmp

Filesize
136KB

Download