Analysis
-
max time kernel: 92s
-
max time network: 94s
-
platform: windows10-2004_x64
-
resource: win10v2004-20240709-en
-
resource tags: arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
-
submitted: 15/07/2024, 12:05 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
bf08cb8946d1e68791c527fbbe5986fee7d94282857b635ae49c470af3c5eca7.dll
Resource
win10v2004-20240709-en
2 signatures
150 seconds
General
-
Target
bf08cb8946d1e68791c527fbbe5986fee7d94282857b635ae49c470af3c5eca7.dll
-
Size
128KB
-
MD5
5d93e05d4d8f3b3f5107b42c1025e3ac
-
SHA1
c743ca42e1b2ae07973c548212b6dbfd99aafdb2
-
SHA256
bf08cb8946d1e68791c527fbbe5986fee7d94282857b635ae49c470af3c5eca7
-
SHA512
93c83795cd8aecf8252a7dd50aa119fb6b5dea4d942ddfe727c023430d9f2036c74ea35ca3e77b89ba32e1e232d22295a7c07c19bfc45329fc6ae6c2b177ca3b
-
SSDEEP
1536:pqjIyXCf7tYe8r/4prk59JG4+3uE/jCQR/frtGX0sN2on3a3tO0yU95a:wcOChYP/4lk595+ttGX0s0o0Ei
Malware Config
Extracted
Family
strela
C2
45.9.74.32
Attributes
-
url_path
/out.php
-
user_agent
Mozilla/4.0 (compatible)
Signatures
-
Detects Strela Stealer payload 2 IoCs
resource yara_rule
behavioral1/memory/5008-0-0x000001D727B00000-0x000001D727B22000-memory.dmp family_strela
behavioral1/memory/5008-1-0x000001D727B00000-0x000001D727B22000-memory.dmp family_strela
Processes
Network
-
Remote address: 8.8.8.8:53
Request: g.bing.com IN A
Response:
g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
dual-a-0034.a-msedge.net IN A 13.107.21.237
dual-a-0034.a-msedge.net IN A 204.79.197.237
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28d5aec36eb94aa8ba872ec2b3dbf17f&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
Remote address: 13.107.21.237:443
Request:
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28d5aec36eb94aa8ba872ec2b3dbf17f&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2F2A96DA84896C34350F826785AE6D9B; domain=.bing.com; expires=Sat, 09-Aug-2025 12:35:26 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C02C0299E8A24BD49D7BBCC803193457 Ref B: LON04EDGE0711 Ref C: 2024-07-15T12:35:26Z
date: Mon, 15 Jul 2024 12:35:26 GMT
-
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=28d5aec36eb94aa8ba872ec2b3dbf17f&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
Remote address: 13.107.21.237:443
Request:
GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=28d5aec36eb94aa8ba872ec2b3dbf17f&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2F2A96DA84896C34350F826785AE6D9B
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=q53ZuaPkpPGO7RmmuRe4MSsMpi22IGfEZH6Bxg1gfac; domain=.bing.com; expires=Sat, 09-Aug-2025 12:35:26 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2B5245DE60E240C0BCEBE3977064F021 Ref B: LON04EDGE0711 Ref C: 2024-07-15T12:35:26Z
date: Mon, 15 Jul 2024 12:35:26 GMT
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28d5aec36eb94aa8ba872ec2b3dbf17f&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
Remote address: 13.107.21.237:443
Request:
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28d5aec36eb94aa8ba872ec2b3dbf17f&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2F2A96DA84896C34350F826785AE6D9B; MSPTC=q53ZuaPkpPGO7RmmuRe4MSsMpi22IGfEZH6Bxg1gfac
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A444AA250F034BD7B1998A7AC86D0A29 Ref B: LON04EDGE0711 Ref C: 2024-07-15T12:35:26Z
date: Mon, 15 Jul 2024 12:35:26 GMT
-
Remote address: 8.8.8.8:53
Request: 237.21.107.13.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 85.177.190.20.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 172.210.232.199.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 57.169.31.20.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 183.59.114.20.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 81.144.22.2.in-addr.arpa IN PTR
Response:
81.144.22.2.in-addr.arpa IN PTR a2-22-144-81.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 206.23.85.13.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 147.142.123.92.in-addr.arpa IN PTR
Response:
147.142.123.92.in-addr.arpa IN PTR a92-123-142-147.deploy.static.akamaitechnologies.com
-
13.107.21.237:443
https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28d5aec36eb94aa8ba872ec2b3dbf17f&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
tls, http2
2.0kB 9.3kB 21 18
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28d5aec36eb94aa8ba872ec2b3dbf17f&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
HTTP Response
204
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=28d5aec36eb94aa8ba872ec2b3dbf17f&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
HTTP Response
204
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28d5aec36eb94aa8ba872ec2b3dbf17f&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
HTTP Response
204
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
13.107.21.237
204.79.197.237
-
72 B 158 B 1 1
DNS Request
85.177.190.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
237.21.107.13.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
57.169.31.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
183.59.114.20.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
81.144.22.2.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
147.142.123.92.in-addr.arpa