strela | 09c6ec0da25e5c798d40dae443066e44c38b13540cc8d4d4b652518d644922fc

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 20:43

Target

19ab872f9ee6f0eb32021f3ea38be650N.dll
Size

253KB
MD5

19ab872f9ee6f0eb32021f3ea38be650
SHA1

45571c4510edd1a66c85d31af3bf1ebdd8fdaaa0
SHA256

09c6ec0da25e5c798d40dae443066e44c38b13540cc8d4d4b652518d644922fc
SHA512

57fcd657d7d21d8f8ec975daa09433eca76397b0c6c248c7ffe067fb99c1d620a1ae44f07c1cce118911f4963d3a7103314c60b617f9aa239937f32921dfa14d
SSDEEP

3072:LqY1OlAf7aa7R62TvB/Ild78Xu1GEgTKy/O6FqMz5//JoJHyBUB:Lb5k2Lald78XjQyd0Yt/+KUB

Score

10^/10

strela stealer

Family

strela

45.9.74.176

Attributes

url_path
/server.php
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537

Detects Strela Stealer payload 2 IoCs

resource	yara_rule
behavioral1/memory/2976-0-0x000007FEF68A0000-0x000007FEF68E7000-memory.dmp	family_strela
behavioral1/memory/2976-1-0x0000000000200000-0x0000000000222000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\19ab872f9ee6f0eb32021f3ea38be650N.dll
1⤵
PID:2976

memory/2976-0-0x000007FEF68A0000-0x000007FEF68E7000-memory.dmp

Filesize
284KB

Download
memory/2976-1-0x0000000000200000-0x0000000000222000-memory.dmp

Filesize
136KB

Download