General

  • Target

    b3d768ea03a96e24f685e30258501131bd9685a894c49ccb3918b4f38f0733e6.zip

  • Size

    51.1MB

  • Sample

    240713-nvn6tsyhql

  • MD5

    0b4a6c1635eccfe1e2d14fcb1ac1dc5d

  • SHA1

    3e177874c60f2966e818a184aefb193734a4176d

  • SHA256

    b3d768ea03a96e24f685e30258501131bd9685a894c49ccb3918b4f38f0733e6

  • SHA512

    8e9ab36cccfd01740e71cd8ebca5b0ff39297795a493a664bd5f7e2c9210637a48ce25e670e3219783b0c269146ad8006f1df7d5c84bdec639b3c051c3b29ecd

  • SSDEEP

    1572864:9NjhU4+5iKQAQYjwtnZ/MgogCjrHmsP8gM7gaSINw:904+oKQAQYjwtnZ/MgyPmuViU

Score
10/10

Malware Config

Extracted

Family

strela

C2

45.9.74.32

Attributes
  • url_path

    /out.php

  • user_agent

    Mozilla/4.0 (compatible)

Targets

    • Target

      500.dll

    • Size

      123KB

    • MD5

      fb3331c85e3e688287bc164976bfffd7

    • SHA1

      37ff94d4cee52f5c6d70390cd280b88f68b3839c

    • SHA256

      9f5f8c1f0742b9e5fbadb54e3962b4194da2ce18056dc8af26f138ff7d78cfe0

    • SHA512

      e7fb352546e2eb3dac07951eb45057cabe03326dbfa88b9a593363c52699e8ba6e64620d27d895b85ec9b120d743f5063eeb83b1654582bce10e3a5305cabe28

    • SSDEEP

      3072:QmyqNgD8rzjJoyVPqOJM7iVCouySg4+VE2cO:QNZIfVoyPJM7+Qg4CcO

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      501.dll

    • Size

      124KB

    • MD5

      114c8c3f0806a330dc7474ce58868376

    • SHA1

      8bbbd29ec944edc87a004126e9e35b1ab0df746d

    • SHA256

      8490403401fb7626c1d7866be29025cdc476f6269770892b99afe2478de9bcab

    • SHA512

      0bdc5d385d589e24e6aea5cf08eee4c58074089e869adf1ecd1fb449b7f06e98012931dd2c0277b24cc9a547272fd8590f02e285b13a3dca461d9f67e07dd9ce

    • SSDEEP

      3072:+Me6tb/Gt5Wjniy7jLbQ4bmq3IIHyxDNyXJ/30rUniT:+Me6tb/9m4VicxS2Xlzn

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      502.dll

    • Size

      125KB

    • MD5

      82e436fd6854a74fd6ab10e4d65242e8

    • SHA1

      d425e42a9da6447edeb7c9557022eac17d9c7130

    • SHA256

      54317967fdd7ecf9fc576befcde609230bfb41a6d5270c3e436e5ec8a24bb39f

    • SHA512

      02dbd88a21c6b2c998d676e02448679a00d5443344209e564fa344c3068ed1c027f309fb6415c7b2d5115777dcc0825ea3738635b0cf982ebfa7f52c808118ab

    • SSDEEP

      3072:6YCJOpu7fbLbLAWybgDaYzK+QtujNn9PW/Z81aG4J9Jvbwjx:6YCJdLIcDJKZujzW/RBo

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      503.dll

    • Size

      123KB

    • MD5

      66309f5bf3835cf657adb8c4950333d1

    • SHA1

      f69692bf2f6fe8dfa98b69fadafb07a1a231ec4f

    • SHA256

      e3bf10b27276e981ebba89ccdca990f61ab78e89586288bd81d2fa5593ae92b6

    • SHA512

      93049b15b4c2fdb1b32ad3686beb5f5ddf7c623c00d9abeeea41e9385ac742afa4170c6f97acd7a765bbd808496ce5cd23de2c357156eff3a911a95ca97eb675

    • SSDEEP

      3072:GDtRjuiDF1NGUKFIxgB31tsz99Vopnj2UFgdya:mHlPNNKFiEsz9fop6UFgEa

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      504.dll

    • Size

      123KB

    • MD5

      2f4276f5f48b44a5fceab0b18421c1ba

    • SHA1

      cc220bb01b06d31d1ba6bc012481472a92ca9e9c

    • SHA256

      63b7b232d87b0a20d6080c43611ab06ac0b89e9c818340568dd6803844e29866

    • SHA512

      d63c1d9fb8c45051789b598fa19670556b363f9ecc1af920e72b300684f7fac5c22884dbafba50a142bdaa36eb7c2ff6b5c06dff239c9c8a679a02c775545b53

    • SSDEEP

      3072:FoA7a57UBwW+iKRYn0eBf0lTvSHJalw76/ZHIZFucU:FoA7a5rW+iKRY0PBSHJaQ6hHIZFuc

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      505.dll

    • Size

      123KB

    • MD5

      c4e5a4646b955f14e8eb734314ff0d1e

    • SHA1

      ddd078363b5d39a7c5c982769af58806991d3375

    • SHA256

      b7d688c08c7a175d524a4cbe22d282b334d6fea57062356b8f3195758a50c4d4

    • SHA512

      ac2b2752ff5237f3c30373c8b8d67cda3a95a79276a7b05d62c53889b1b056e7125be1383514a13e534dd2b11b1af96473fd3dcb1d877d55d63cd1ca21859c95

    • SSDEEP

      3072:HFAb3uN0Px75s8hgcSHlbvKGaehxmFMnC9igN5B8:lADuN0Px7mTD9aeGiUo

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      506.dll

    • Size

      125KB

    • MD5

      5bba421ec277a9d8bdf6364d41d9ed9a

    • SHA1

      3dc69860e1bd8996ddec7ca03aae12fdb97f3c9c

    • SHA256

      05b705f526138d5f755a0580437b585d8aaa97cfce786e51db7ad3689ef7f4f1

    • SHA512

      967557e2ad55e569239d8d7a5cc1553f940987363baf3c077797854a5dcd8d439b584d34d61dd2e222906f2020932985c46c2c6835e24a5b8202f2bfe9c63ad2

    • SSDEEP

      3072:hXKYQqTlH+Fip+CEp2CD10diTY4TcfHh3h99:BQqBH+MpaiATG3n9

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      507.dll

    • Size

      124KB

    • MD5

      8db0858736e5653006eb3504f858cb3d

    • SHA1

      8309a432a5d631fe8ea29210d654ca7fc7861565

    • SHA256

      a41607f859ad2ad64a1116a266475aefa69eb2f5f2daff734ede6d3d76bb9cf9

    • SHA512

      91b20324b95d1415ec5eafba6dbde708d98449e497d3e147d3f9e6e9aad551eb3ae1a474b280771dc0ec616e5d4778238059fa5e4a1d39bea688cd0bdadb39d2

    • SSDEEP

      3072:0g6rM48oJXrXHYPUy9ZqlUsVxBgwvfNF4g4g:36rF88THGUAZqlPngwvfNF4g4

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      508.dll

    • Size

      123KB

    • MD5

      4c49574de612156ddae3ca7debd7bb66

    • SHA1

      71f1f16e69c66212641e304176af69182735e7f6

    • SHA256

      f7a037d4341f0d853f7fa6a6b5b5390c56a6c92963bbeff35562e53a93ef634d

    • SHA512

      c1d847accdd9cf8196daacebf538cd0ea3bdfbd8a67f1a2b1990966af53ae26c0e4565f6414560247b4dbe3481064142759b3af29409c33f89e5fb65631f6e72

    • SSDEEP

      3072:ZaW/Af+gFuNlzvWMjMsAE6/TSf/sobSzRonUm:DofKNpOMQZ/dRzy

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      509.dll

    • Size

      124KB

    • MD5

      3fe71fa70f89c5dc5730e876e0b8f063

    • SHA1

      40454ae2a75cd7b294feab0c3fd619abf29b6737

    • SHA256

      1fcd01f29756c8b82ca95b71ff581769393c552fef78551dc0a9bbc7e29bf0d7

    • SHA512

      072af1aa372006b17ff2f9ba6f8c5348cffea05c354e41ee7fc86a68f50c16fb0c4a3b83c5bc0f8a6e3c7d75109b32cb5ce66d4924b30ef0c6b470357faed01c

    • SSDEEP

      1536:RbAG2dshHzQGZ+5l4nenSwEUniYc7ELbDPLGRu6Bwf9GeoRhqubIpoSlTOA5NFon:+4t87SwviE7DGRKfUeoLzbIeSNz

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      510.dll

    • Size

      123KB

    • MD5

      796e8601e1f895c6379ed54ec5f6b276

    • SHA1

      6d93afbb339891f011cfe4ffdf63bb475ee94c4f

    • SHA256

      1c814c9ba5c1af7c333aa4917d7381f9831eaf886006854fcbf1bd439dfedde5

    • SHA512

      2442c3803ea1777f5dc90528db3edcf2ba94a40970b268279b9920b15434e4452ebaeac7ba1cfbb44f9b9e91617e87558f48e2e83d56601c6b91739a2b0e1450

    • SSDEEP

      1536:cAGa25A00wQIkZ7iT4GhZnT9DerN0ChN0/xrmj9w40E6dedI8zGM8Wyfykom/iIf:cnxtdM7iDvnpwP01w9iNedI8mR/z

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      511.dll

    • Size

      125KB

    • MD5

      d7ad35b5aec2f0d01c3cced40a1dc534

    • SHA1

      726d7cc632d2dcf9b9972eb1e7b2f6a73a9643f8

    • SHA256

      98d2f2a13689f0480b5d2b26a646ed519e791d3969ef4cbf272a9333118bb71b

    • SHA512

      cd4170809aed034f835c170dabe80378ae13bf491ccf1096dc39a905556cd7f1c2373ae925ffe5a04c573544480928b0de3a8afd43d3dd07fda8dd329cf3045d

    • SSDEEP

      3072:GzWhm1lCSZM7NpJNAF6cg1TAwCCD0uQa2u8B:Pw1lVe7I0rTA1y0vaQ

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      512.dll

    • Size

      124KB

    • MD5

      3b1dbcc83056b654c962359809ce8148

    • SHA1

      e4f9590654299aa8831289d88fd5974afcb11a28

    • SHA256

      5a129571920feab0c14d7281dd18b334f5034c53cae25f204a428c8c649f50b8

    • SHA512

      af167096ebae15734b8a753aa12052204db7b8cddc0e78538078d4626c0a3e38d32195b38cee2231f139b08915b14f22bbae1b6248320cc212b059715d9eb93e

    • SSDEEP

      3072:7jYx5XClrJCgezXmr8InGkz2fyCVNLJa1lUH/q0xpRv4Bd:725SRJcLvK2fyKx4b0/5Dvy

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      513.dll

    • Size

      124KB

    • MD5

      34420534a7fa236f943dfa59a1e41690

    • SHA1

      a6cbd872f19360d97a311e88de72e088cd4c8359

    • SHA256

      edc482f5ce79f85777dcfdb8132a5a0283fe4ff4cb53643c4d46922ea136fc72

    • SHA512

      ee71804082b9a886051fc330ccd618a655830fef51cfea0155716a66553fbc85547de229c652fe7e04a4d2d847440a587361096b8b158e25d8d7318d5f9d2cd1

    • SSDEEP

      1536:fAsm/CIdCjy8Tskx4MdJwsctZjIpjV2NdtDIGjzV+at1W/nlPYgv5avLBcejG:fDFjyEHcfjIpjYIKBJtc/nlQhdcej

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      514.dll

    • Size

      123KB

    • MD5

      52ccd68a5d83e890803c500494c27f10

    • SHA1

      c847be84747c2b8ee235a1fa0aab69cb188a7fc6

    • SHA256

      111b3ef643db3682478ef8a500f84c79cedf8eea189fd5c0344fc2ec24e147c5

    • SHA512

      ac7ec08d14cf454e37bbb2120cc96f115c9b56748135bcdda44ac35432c419205faac1b5bddc24a2830fe4d2f45e0a1ea69ae709feff670920b858afded153f6

    • SSDEEP

      1536:TIq+1m9BSpMAfhFLa4bF1P/jHaChRoMachZqzXEYOSZZr0yQige3DHkX9viS+l6y:s5o7qMAJJaKD6ChRpSpDbXHSj

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Target

      515.dll

    • Size

      123KB

    • MD5

      cf395023d04dc4e53252330011bbe54a

    • SHA1

      30bfc652ee9612a1922a8c6ba1d3f1c799207dbb

    • SHA256

      c9c74178d64838d056386b2d4d8428f8d7413be68574b1d82ed6e671f2147d7f

    • SHA512

      23ee2289e0f8795ebaf2754296e3b189ec8abc3454c2c458d5c400a17d8c08ae4102bd75863a139d6314e324cd77e3ef8e0c46b2627b3ebf94a8cd338d2a9305

    • SSDEEP

      3072:xeMQhhfmfZ6eB9A5C44C5jkJJ76QXNpZlzi:xeMAhfmfRB9AskZk376Qd

    Score
    10/10
    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

Tasks

static1

Score
3/10

behavioral1

strelastealer
Score
10/10

behavioral2

strelastealer
Score
10/10

behavioral3

strelastealer
Score
10/10

behavioral4

strelastealer
Score
10/10

behavioral5

strelastealer
Score
10/10

behavioral6

strelastealer
Score
10/10

behavioral7

strelastealer
Score
10/10

behavioral8

strelastealer
Score
10/10

behavioral9

strelastealer
Score
10/10

behavioral10

strelastealer
Score
10/10

behavioral11

strelastealer
Score
10/10

behavioral12

strelastealer
Score
10/10

behavioral13

strelastealer
Score
10/10

behavioral14

strelastealer
Score
10/10

behavioral15

strelastealer
Score
10/10

behavioral16

strelastealer
Score
10/10

behavioral17

strelastealer
Score
10/10

behavioral18

strelastealer
Score
10/10

behavioral19

strelastealer
Score
10/10

behavioral20

strelastealer
Score
10/10

behavioral21

strelastealer
Score
10/10

behavioral22

strelastealer
Score
10/10

behavioral23

strelastealer
Score
10/10

behavioral24

strelastealer
Score
10/10

behavioral25

strelastealer
Score
10/10

behavioral26

strelastealer
Score
10/10

behavioral27

strelastealer
Score
10/10

behavioral28

strelastealer
Score
10/10

behavioral29

strelastealer
Score
10/10

behavioral30

strelastealer
Score
10/10

behavioral31

strelastealer
Score
10/10

behavioral32

strelastealer
Score
10/10