Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15/07/2024, 11:41 UTC

General

  • Target

    4f7ba3951f4fc51c4c1391fd62a66026c59cdec5b38dd33f4c8a5957944bf6df.dll

  • Size

    123KB

  • MD5

    a5a1c3fb6644530db92a25326c4b0976

  • SHA1

    d2e4c2b3ca54fdc2d04568db8c76a8108834817a

  • SHA256

    4f7ba3951f4fc51c4c1391fd62a66026c59cdec5b38dd33f4c8a5957944bf6df

  • SHA512

    e911d96854ef46ffb69866f63cfbf7904302bb38061a623d57be1c3a7adb789fb83270708bcc091008c5dd7af08d69aace2fdfa0a302815836bbe0860611f29e

  • SSDEEP

    3072:jOGWOj6RPLGyUlaaeewiaOaSpns9dkd+SIKvXR3PN:jPGPLHOa7qaOxts9dkd+SxvXR3PN

Score
10/10

Malware Config

Extracted

Family

strela

C2

45.9.74.32

Attributes
  • url_path

    /out.php

  • user_agent

    Mozilla/4.0 (compatible)

Signatures

  • Detects Strela Stealer payload 1 IoCs
  • Strela stealer

    An info stealer targeting mail credentials, first seen in late 2022.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f7ba3951f4fc51c4c1391fd62a66026c59cdec5b38dd33f4c8a5957944bf6df.dll,#1
      PID:2376

    Network

    • DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • DNS
      self.events.data.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      self.events.data.microsoft.com
      IN A
      Response
      self.events.data.microsoft.com
      IN CNAME
      self-events-data.trafficmanager.net
      self-events-data.trafficmanager.net
      IN CNAME
      onedscolprdaue00.australiaeast.cloudapp.azure.com
      onedscolprdaue00.australiaeast.cloudapp.azure.com
      IN A
      40.79.173.40
    • 8.8.8.8:53 (8.8.8.8.in-addr.arpa), protocol: dns
      Sent: 142 B
      Received: 291 B
      Requests: 2
      Responses: 2

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      self.events.data.microsoft.com

      DNS Response

      40.79.173.40
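
    The extracted config gives three network indicators (C2 IP, URL path, user agent) and the process tree gives the launch pattern (rundll32 calling the DLL's export ordinal #1 from the user's Temp directory); the sandbox capture itself recorded only DNS traffic, no connection to the configured C2. The Python script below is an added example, not part of the sandbox report, that turns those indicators into a hunt over constructed proxy-log lines and process-creation events. The proxy log format (timestamp, client, method, URL, status, quoted user agent) and the event field names (Image, CommandLine) are assumptions; only the indicator values come from the report.

```python
"""Hunt for the Strela indicators from the report in proxy and process logs.

Added example, not part of the sandbox report. Indicator values come from the
extracted config and process tree; the log/event formats are assumptions.
"""
import re
import shlex
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Indicators taken from the extracted Strela config above.
STRELA_C2_IP = "45.9.74.32"
STRELA_URL_PATH = "/out.php"
STRELA_USER_AGENT = "Mozilla/4.0 (compatible)"

# Assumed proxy log format: <ts> <client> <method> <url> <status> "<user-agent>".
# These lines are constructed for the example.
SAMPLE_PROXY_LOG = """\
2024-07-15T11:42:01Z 10.0.0.12 GET http://www.example.com/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2024-07-15T11:42:03Z 10.0.0.12 POST http://45.9.74.32/out.php 200 "Mozilla/4.0 (compatible)"
2024-07-15T11:42:05Z 10.0.0.31 GET http://203.0.113.9/out.php 404 "Mozilla/5.0 (X11; Linux x86_64)"
2024-07-15T11:42:09Z 10.0.0.12 GET http://198.51.100.7/index.html 200 "Mozilla/4.0 (compatible)"
"""

# Assumed process-creation events (Sysmon-style field names), constructed.
SAMPLE_PROCESS_EVENTS = [
    {"Image": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f7ba3951f4fc51c4c1391fd62a66026c59cdec5b38dd33f4c8a5957944bf6df.dll,#1"},
    {"Image": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\Admin\AppData\Local\Temp\x.dll"},
]


@dataclass
class Hit:
    line_no: int
    line: str
    indicators: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Only the IP is specific to this sample; "/out.php" and the old
        # "Mozilla/4.0 (compatible)" UA are generic and only strong together.
        if "c2_ip" in self.indicators:
            return "high"
        return "medium" if len(self.indicators) >= 2 else "low"


def strela_http_hits(log_text: str) -> list[Hit]:
    """Return every proxy log line matching at least one Strela C2 indicator."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        parts = shlex.split(line)  # shlex keeps the quoted user agent intact
        if len(parts) < 6:
            continue
        _ts, _client, _method, url, _status, ua = parts[:6]
        u = urlsplit(url)
        matched = []
        if u.hostname == STRELA_C2_IP:
            matched.append("c2_ip")
        if u.path == STRELA_URL_PATH:
            matched.append("url_path")
        if ua == STRELA_USER_AGENT:
            matched.append("user_agent")
        if matched:
            hits.append(Hit(n, line, matched))
    return hits


# rundll32 loading a DLL by export ordinal (",#N"): the launch seen in the
# process tree. Running it out of %LOCALAPPDATA%\Temp is the suspicious part.
ORDINAL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^\s"]+\.dll)"?,#(?P<ordinal>\d+)\s*$', re.I)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)


def rundll32_ordinal_hits(events: list[dict]) -> list[dict]:
    """Return rundll32 executions that call a DLL export by ordinal."""
    out = []
    for ev in events:
        if not ev.get("Image", "").lower().endswith("\\rundll32.exe"):
            continue
        m = ORDINAL_RE.search(ev.get("CommandLine", ""))
        if not m:
            continue
        out.append({"dll": m["dll"], "ordinal": int(m["ordinal"]),
                    "from_temp": bool(TEMP_RE.search(m["dll"]))})
    return out


if __name__ == "__main__":
    for h in strela_http_hits(SAMPLE_PROXY_LOG):
        print(f"line {h.line_no}: {h.severity:6} {h.indicators}")
    for p in rundll32_ordinal_hits(SAMPLE_PROCESS_EVENTS):
        print("rundll32 ordinal call:", p)
```

    Only the C2 address is specific to this sample, so the script ranks a hit on the IP as high and a lone match on the path or user agent as low; both of those values are common enough that alerting on either alone will be noisy. The rundll32 check flags the export-ordinal form regardless of path and records whether the DLL came from the user's Temp directory so that a triage analyst can prioritise.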

    Downloads

    • memory/2376-0-0x00000178539A0000-0x00000178539C2000-memory.dmp

      Filesize

      136KB
