strela | 24a36dc957a9b7280664931649541063d09834907d399d63a2b0ca42c4a301ed | Triage

Analysis

max time kernel
32s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 10:01

Sharing

Report Analysis Logs

General

Target

c0939571c0a1f3dd6b00851a9affeb70N.dll
Size

260KB
MD5

c0939571c0a1f3dd6b00851a9affeb70
SHA1

28ade9ff9ab37701dd48d3a4d7771d25668c3f5c
SHA256

24a36dc957a9b7280664931649541063d09834907d399d63a2b0ca42c4a301ed
SHA512

57d9bdaa73fcb85cc38e8c9d5dec4268e5393cf0ac6d0b15c6fd225510de7ed2825b1f7b5ace4e5d00c431419f9bbb639f4ec09b7763f64387cc977221e4bb4f
SSDEEP

6144:YkIOSuPT9KTR2OoHH/DcRez7ksB/apsssKttUB:YibTAR2nr40tCiB

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

45.9.74.176

Attributes

url_path
/server.php
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537

Signatures

Detects Strela Stealer payload 2 IoCs

resource	yara_rule
behavioral2/memory/3940-0-0x00007FFE9B360000-0x00007FFE9B3A8000-memory.dmp	family_strela
behavioral2/memory/3940-1-0x0000000002660000-0x0000000002682000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c0939571c0a1f3dd6b00851a9affeb70N.dll
1⤵
PID:3940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3940-0-0x00007FFE9B360000-0x00007FFE9B3A8000-memory.dmp

Filesize
288KB

Download
memory/3940-1-0x0000000002660000-0x0000000002682000-memory.dmp

Filesize
136KB

Download