strela | 5c8b35a836b8c19fb65ab26622c51c03e8c4e7a3dd18bb24427ad2eaaa2f765b | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 10:16

Sharing

Report Analysis Logs

General

Target

2014.dll
Size

124KB
MD5

d2ae037ffd060ce41b1d95472d117e8b
SHA1

6877dec76bcf7bf032e6d000cf992fee34202343
SHA256

b17b02c0fe97788200ceb716e8acd7a50ee2c1eff49dd5c11296897704363367
SHA512

e4267e512b3a96907f793666fad5f5c8351ab4a066dbc160da0f5f56534006306430fcf771da518e186b480c500180697be5e2564b9a0c05d52d32a6b242a6db
SSDEEP

3072:yXhbE/qRTK7WUSKmQ4P61/bV1GaQ0m8JsNP:yRq7LAQ4PMb7GalNC

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

45.9.74.32

Attributes

url_path
/out.php
user_agent
Mozilla/4.0 (compatible)

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
behavioral29/memory/2888-0-0x0000000001EB0000-0x0000000001ED2000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2014.dll,#1
1⤵
PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2888-0-0x0000000001EB0000-0x0000000001ED2000-memory.dmp

Filesize
136KB

Download