Analysis

  • max time kernel
    94s
  • max time network
    99s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15/07/2024, 11:40 UTC

General

  • Target
    4cc1fede57b8094259dc3be0b47ce7a534f5e29d7ff9dd63bbaaa390042ca155.dll
  • Size
    125KB
  • MD5
    ee8b2c4623da525d3d9dfe1ebc1cf8fa
  • SHA1
    16d0491095bec426656ae2efe22d5fb1bea3650f
  • SHA256
    4cc1fede57b8094259dc3be0b47ce7a534f5e29d7ff9dd63bbaaa390042ca155
  • SHA512
    4e4d22201f53df786c5cb608d4687e185044c46fbd1bb7575cccff0babf8efebc85fb0374f6cb38ad6ccc63dcd8d709c35ca575ae47fdbdfc31fb4a096bce294
  • SSDEEP
    3072:poaTyqJ7HcWAIEiG0S49R/b9w/+c9uoKCmKs:SaTh1cWApiQ4TT9nqX9mF

Score
10/10

Malware Config

Extracted

Family

strela

C2

45.9.74.32

Attributes
  • url_path
    /out.php
  • user_agent
    Mozilla/4.0 (compatible)

Signatures

  • Detects Strela Stealer payload 1 IoCs
  • Strela stealer

    An info stealer targeting mail credentials first seen in late 2022.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4cc1fede57b8094259dc3be0b47ce7a534f5e29d7ff9dd63bbaaa390042ca155.dll,#1
    PID: 708

    Network

    • DNS (flag: us)
      Query: 8.8.8.8.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 8.8.8.8.in-addr.arpa IN PTR
      Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
    • DNS (flag: us)
      Query: 8.8.8.8.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 8.8.8.8.in-addr.arpa IN PTR
    • DNS (flag: us)
      Query: 30.243.111.52.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 30.243.111.52.in-addr.arpa IN PTR
      Response: No results found

    Connection summary

    • 8.8.8.8:53
      Domain: 8.8.8.8.in-addr.arpa
      Protocol: dns
      Sent: 132 B, Received: 90 B
      Requests: 2, Responses: 1
      DNS Request: 8.8.8.8.in-addr.arpa
      DNS Request: 8.8.8.8.in-addr.arpa
    • 8.8.8.8:53
      Domain: 30.243.111.52.in-addr.arpa
      Protocol: dns
      Sent: 72 B, Received: 158 B
      Requests: 1, Responses: 1
      DNS Request: 30.243.111.52.in-addr.arpa


    Downloads

    • memory/708-0-0x0000025F0B0D0000-0x0000025F0B0F2000-memory.dmp
      Filesize: 136KB
