strela | 9b87b62391f32ae8191d3cc4ae27a66acad2394f5dc37ce4ccd8acfcd06e6e0a | Triage

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 11:21

Sharing

Report Analysis Logs

General

Target

2509.dll
Size

122KB
MD5

efd359e9ee52dabdfcdb048f70794e64
SHA1

5aed7258a5d0f101d5f2a000104edd154f15eeb9
SHA256

7b4543b495152361104e67db8bd8aa3f74f8c2f2e6caf69ce4367748db51f584
SHA512

de4e3caa83e380878600cf00103ab53a6f89f2be9f777c2ed733e4d201fad095837c9cf352091dd655d0b6df2a0670510bf71e745595cd2a071071e6c4c78c5a
SSDEEP

3072:++W4zpqlqAiZC2FcVuPvd8i96bnoYCluH7X4uMSQ5L7gqMwyFuD:ZW4zpqBiZZ6Vkmc6bnoY8uHDOSg7Phys

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

45.9.74.32

Attributes

url_path
/out.php
user_agent
Mozilla/4.0 (compatible)

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
behavioral20/memory/1696-0-0x000001BDE4050000-0x000001BDE4072000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2509.dll,#1
1⤵
PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1696-0-0x000001BDE4050000-0x000001BDE4072000-memory.dmp

Filesize
136KB

Download