General

  • Target

    655d3dd15a98e6b53933ae6f5d86025f47b2c170ae4875d4151a12c274c09b1a.zip

  • Size

    51.1MB

  • Sample

    240713-mhhylsxbrm

  • MD5

    d7241f541c12892f6d2bd889972d1b96

  • SHA1

    6e055811fa48cb372d1a0287becd7b4c2ce73916

  • SHA256

    655d3dd15a98e6b53933ae6f5d86025f47b2c170ae4875d4151a12c274c09b1a

  • SHA512

    016d633044dd486ce74cb22f50ae5c35bc0565fae33de0515ab7e71e0422fe495e1e6468af17efa5d73e7cd37dc2bc0a1b500b2eeeaac430b4a9a92675d1555d

  • SSDEEP

    1572864:JsB9Rh0g70YQ5CoJzfLdhEv2OhVuIxDeQp8xDL7IbNhDP:CBN0VYCzzjEO3IxaZD/IxhT

Score
10/10

Malware Config

Extracted

  • Family

    strela

  • C2

    45.9.74.32

Attributes
  • url_path

    /out.php

  • user_agent

    Mozilla/4.0 (compatible)

Targets

    • Target

      3000.dll

    • Size

      122KB

    • MD5

      ec5acd510af6513fd1bd1884d82812fd

    • SHA1

      3de035c4edbb0f12b86184c97429054617218b19

    • SHA256

      a4084cc0b45cd21cb9171b7c5cf471537cf9cdbf8a36f09080a26aac767a1462

    • SHA512

      095894f5c225d15e796fd5a8c196e593fdda8ae2a2d2a4301421e90465388ceb248b83a77ec90bae9d74c085eb7f4cfaf7be59adc629d23fd8dea0b942b1b0cb

    • SSDEEP

      3072:CgRvtW/F9609O3lH20eVrqoiC5Txkmc8MIspo33:C0lYFkb2TVrvHZ24MXG

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3001.dll

    • Size

      124KB

    • MD5

      e3ae8ae477ef0ae5c3ecee70272f428e

    • SHA1

      d97b48b2a77d28937442b354745a5fbbcaf78436

    • SHA256

      db23eb81f757651517677102eeb00f9e1650858fb0a9d97d1ad38129d21a5ad7

    • SHA512

      dead999ccc5016394a1e27b2a0e20948189a79ba8297e80223966a85178d368bcda96494d31e87c0f2d9056baebf622c351264d8a8ce54c30a3640fd63eec63c

    • SSDEEP

      3072:f3isZnXo6HPRmm7qFiJauiygMjZdYl0DuK1OT:PiP6HPV7jZmM1ml0qR

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3002.dll

    • Size

      124KB

    • MD5

      699830241ba061b7765db2835991cdec

    • SHA1

      4123abf997d316923ea27eb44c8316d5974b5d3c

    • SHA256

      20dfa35650b3944a7a6246528e7daa1aaddff5757556e52ca5b9f9843a18a99c

    • SHA512

      015452cef58e4bdae5aa8798d89ff961018087a111eaf5673734b8e1db22e7eb371f82c7aed393278d95e472c2575bbbdbc357a045ce776e0e653ca4f88cddf9

    • SSDEEP

      3072:Eshzm+XCl+hqNNVgCKu9myBKh7tJxyIe:EW0VxKu9EhxiI

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3003.dll

    • Size

      124KB

    • MD5

      3ca0ccbe7ae62ff7d9e8fefe5920431e

    • SHA1

      f3d2e205ecf6ecb2a712ef54f3cffb41a64ce919

    • SHA256

      b6eec94771ab6d2a28842f65a6e620d96be29da0e465b01ebef5dfeea749d8f5

    • SHA512

      9aae223b6bf07280084113843a939f1ea808313f43c8690fcf5a98eb7656dd37aacf70d5b01679eb525dc7797a1b5e87bb6367dc07ada0b778075fa0b6ae14ac

    • SSDEEP

      1536:9qHw8EQsnzBn7wRRCMZNBKLqdSCygfDDbiKd1hJoqdoQgmWyIxM55mD9UJkkGq0p:cw8nsnzFEHZaOdHpfDDbiyiMQMPs9H

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3004.dll

    • Size

      124KB

    • MD5

      023ecf3b98598be4e30f7874c8c6d88e

    • SHA1

      a5c456fac15f24da003a6375b16769ba68a1dc5c

    • SHA256

      4b4777871e6ee64e7112a7a8967d77b818fd5880039ed2de38add10df98944a2

    • SHA512

      7e2b9ccd189fe36fe68bde57f83c59eea99db2bebcf610cc3fc47795db4d8807f5d7a54ff4a7483f96debf8a69ac577628f421d957e42dbaa693b0db2eefc6fd

    • SSDEEP

      3072:pwa7Cs90aegV5Y4EGBOUmTK74OX7/rXWf:pwaOI0aeg/YtTqBX7/rW

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3005.dll

    • Size

      124KB

    • MD5

      7bd82ef1e94be2f1fe3b1e4cc9a21495

    • SHA1

      d4f84900bdad6430befbf9cbdbcac9309020e6f2

    • SHA256

      10136eca493732eeef2ebcabbcc7c09d1bb36c92f0a3fe4f0866b7049cffab8f

    • SHA512

      869c568f9f1db4d6e9a0c1968254b707835bfec14188171929eafc1d3eef508be849c357e4b807031a121481ccb79be745314edc2907b6f7f1f95276d15de58c

    • SSDEEP

      3072:NVfAiUgzdbWChY4VaXekTvuJYMEVDqf3rnn:N1AijxbWCThsVDI

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3006.dll

    • Size

      124KB

    • MD5

      4d4106f06f68b63b8a704b905e03e549

    • SHA1

      8e7e0768723f208f0b71dacdc301cf8266e364b9

    • SHA256

      2afc70eafa1bbf81d0c44678fd8644eff2f2cc76581d6ec2da4de70765eaaf7e

    • SHA512

      ef0a6293216b311d0afeb881fc8f2df8010b4802190cd8ddec905f98034612ac77c623a3bf629a6bc019af09a78f999bd7c09465fa736742de2b1f7b22ef62a6

    • SSDEEP

      3072:NWCxmOtV40u4/BFw/gPaZvwN50ihcOGIwUQ:N3xb40dwoipC50SgbL

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3007.dll

    • Size

      124KB

    • MD5

      a259e5b2a624b3bdf30713e0409a2290

    • SHA1

      bc0485b6523faabc2870111887427ad6ea612b01

    • SHA256

      1100de2f1f242dc887208fcfcfda534c4a26811e8a8b09b12bbd5cfbdbf846ad

    • SHA512

      3b27060e054be9b051ebc46e47e08790d431363ad5a1cb7116bfa0f86651fbd28bd6c4d04699cf9acfedcf52fd0c4af76b2f38c4857702e34927d3bc83b7c8b0

    • SSDEEP

      3072:0nQPZ+UiNXWJQZTVzHi5RZ7n88a0wTSwuCn1cdQEQE:0W0UiJWBL787Gwfn6

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3008.dll

    • Size

      123KB

    • MD5

      ff69342d133c3f2822c3280b3ccc641f

    • SHA1

      19d32da2a6981381c2b5de14a9bc1653cae6f86e

    • SHA256

      670f75329b32862761bc20a7ab93ca890bc905bea9c24ec9786c3cb02a1ea9d4

    • SHA512

      95cd66796cce2854d5be9ec9e86f77c755eaec14b3fcc44fe713fd528002883e1f5a987af9382c46aca9f936a65e076ed4cf1cfbbe91e8603e8e8155e8785fb9

    • SSDEEP

      3072:CTfHHPy0Lq3TdLSUrxe8WC7IsYHTg/CdPz4gwaS5hM1eq:CTfHHqgqtSUcY7/oVwaGM

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3009.dll

    • Size

      125KB

    • MD5

      ac70bc870fe18d7db49bf7195e2ec13b

    • SHA1

      e7923e386c87392046f018e871903c42c30a5634

    • SHA256

      5d846ec183daffaa397d662cd1388549ef929506b70ae36c59f4466c9861edb0

    • SHA512

      eac269b83f35b22a3acf45579c5d1db96568cdd72bd6018635e5854099f7ceb998f1e984208d0b4c2e7b06cb2f2b4ac3995caf31515689132e7d31cb28fe6a52

    • SSDEEP

      1536:YQ+ZcZXRvXJ4gVYaX+GBYzLG0lcL4n4JOfNFu9IFF80SXs5lYtqQFzmjqKQfBsVz:YQHXntCfUL4n4Ji/FF8tXz1DgtnKczu

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3010.dll

    • Size

      124KB

    • MD5

      b0dfca004dcc9d52a84daa8f6f18c4ed

    • SHA1

      424e66716ea38dd31ab940338175a975e942dd08

    • SHA256

      3a6a35be54fcd9a0f3e457790eacb0397e6d783a7e5cb4218d8f0be63677e30f

    • SHA512

      25d9db7b3e555071703259e90d1360e842b8d2a17305892cfed06a723324739652d27ee88d1f74b249c4247966479062a9eedbad4b6b965e6a9f9b6a3520aaff

    • SSDEEP

      3072:o02KT2VwhAiX6kMEfC6eETw+sKi6nmACAxCttvFmulG:vyViAOfMEfLfTw+Ln73x6mW

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3011.dll

    • Size

      124KB

    • MD5

      6591de5047b35ebd9dbbb2ed5922b83b

    • SHA1

      d2bcbbac01661ae4136dae1fd5aaf801143835d5

    • SHA256

      ca0739ab8cae85f49e4e715a564f745e589299e210b2519105c5560d7d22da9a

    • SHA512

      d15171bfb8d0ef4cc0fc55f50ac351a42e5246d87df24a649a5767374a81bda47119a9ca1cf28ddf89f95a0d689c3f277a7ae1d5f50efe5037b222eed772e9fd

    • SSDEEP

      3072:v/gnm3NTxp9JhduoVrIqHFNCugQv92BbHYkxo:v/0m3NT77HVrjlNClQv9Vc

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3012.dll

    • Size

      122KB

    • MD5

      30d61e180e7849569e71282e3c92a010

    • SHA1

      33178cb070c86a75a5732f939273cb0fa6ff19fc

    • SHA256

      2deeb69ee684a8b3f1f55fd8476a50b8702eec3f572d1ed4bef66b9b3264bb82

    • SHA512

      5709202df109a2f8a62284534f7905dcb2b2b2a494b431aef6249ef9b7385a9e6a533e28222e3b3ba6a1fd54062299cfde9301878e9eb543fa33cb7daf430a58

    • SSDEEP

      3072:MbYogLSpYODpX/mIyFBllJjRnKgfumi4hXyeI20ZItC:MRgFODpXuIyHjJjRKCdxnIitC

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3013.dll

    • Size

      124KB

    • MD5

      07d1b6de5ba94e0361de92a11046cf2f

    • SHA1

      0901e85b6b0e4a117747e31c2c7f21c5cf6a6f6c

    • SHA256

      945056f1d886a472b1b324c3f34634f81a9153333a858e617c63d0e2c1b3ed18

    • SHA512

      2cf46bd7a7cc162bff57daf17a21121196b273a5edc0605544336d4a8f952c9118558b69d48c84beba8ca8f014325dd7c08bd48f3e7201ef8be8e5f4f44d1723

    • SSDEEP

      3072:IBgT92E6VqdBm+NRLIhOWpoIRtZlGDD7LjHir:IM91LBm+NNIcQZ4v

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3014.dll

    • Size

      124KB

    • MD5

      21093e674901ccffa851ce21906b2172

    • SHA1

      02e6c683e54cf8bcf5426cd1abfc6c0e0956575a

    • SHA256

      4a7f26ac74476d6c3a32fab2cff3500c8c25b2e6d1aac0e368951144cf480fdc

    • SHA512

      dc3d6d409effb7988312e41f1e80da7c6837de78e1eebfdd4f37293becef8fb9cf9e5a60daf129246ed7f07a0b2d8cab225ea60ed80329a5296f9272e77a11d3

    • SSDEEP

      3072:CJOrgiiPBrJJL7ZF8JKC7hw+I6uG/lHTQ2Hcl5A:CMrl4JB1F8JVNNDcl5

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      3015.dll

    • Size

      124KB

    • MD5

      250be0b19c81ca5fd649a0b1d2b67d63

    • SHA1

      5cd03b0fa5a34499c9a130332d739d2960ade986

    • SHA256

      a0ca8fe6be58f4f3f4a358fe73f7e310429f8f7781ce7212dc5e793ad3a3a5d7

    • SHA512

      2f4aa81e45aa387a0d71008fd4eed505130807547d1ed2f005d730e54078daa8e5b38141fd042b0478a284724ce9a83823442c3504f3c821c63635b564abe303

    • SSDEEP

      3072:Jag8gLFhcsSpqyMVM4Pi73rbEVgCtpHf76qaUR29:IgFhP9yMy4Pm87Rf7CUR2

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

Tasks

static1

Score
3/10

behavioral1

strelastealer
Score
10/10

behavioral2

strelastealer
Score
10/10

behavioral3

strelastealer
Score
10/10

behavioral4

strelastealer
Score
10/10

behavioral5

strelastealer
Score
10/10

behavioral6

strelastealer
Score
10/10

behavioral7

strelastealer
Score
10/10

behavioral8

strelastealer
Score
10/10

behavioral9

strelastealer
Score
10/10

behavioral10

strelastealer
Score
10/10

behavioral11

strelastealer
Score
10/10

behavioral12

strelastealer
Score
10/10

behavioral13

strelastealer
Score
10/10

behavioral14

strelastealer
Score
10/10

behavioral15

strelastealer
Score
10/10

behavioral16

strelastealer
Score
10/10

behavioral17

strelastealer
Score
10/10

behavioral18

strelastealer
Score
10/10

behavioral19

strelastealer
Score
10/10

behavioral20

strelastealer
Score
10/10

behavioral21

strelastealer
Score
10/10

behavioral22

strelastealer
Score
10/10

behavioral23

strelastealer
Score
10/10

behavioral24

strelastealer
Score
10/10

behavioral25

strelastealer
Score
10/10

behavioral26

strelastealer
Score
10/10

behavioral27

strelastealer
Score
10/10

behavioral28

strelastealer
Score
10/10

behavioral29

strelastealer
Score
10/10

behavioral30

strelastealer
Score
10/10

behavioral31

strelastealer
Score
10/10

behavioral32

strelastealer
Score
10/10