Malware Analysis Report

2024-10-23 21:38

Sample ID 240716-yvmm4s1arb
Target 018fc75b039711e4535c43f1d1c0f200N.exe
SHA256 1589bd2cd7f5175f5be5237ddd5b86faf36abfbe72335677a1b8d901b7e3ab26
Tags
strela stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1589bd2cd7f5175f5be5237ddd5b86faf36abfbe72335677a1b8d901b7e3ab26

Threat Level: Known bad

The file 018fc75b039711e4535c43f1d1c0f200N.exe was found to be: Known bad.

Malicious Activity Summary

strela stealer

Detects Strela Stealer payload

Strela stealer

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-16 20:06

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-16 20:06

Reported

2024-07-16 20:08

Platform

win10v2004-20240709-en

Max time kernel

109s

Max time network

114s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\018fc75b039711e4535c43f1d1c0f200N.dll,#1

Signatures

Detects Strela Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Strela stealer

stealer strela

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\018fc75b039711e4535c43f1d1c0f200N.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

memory/1260-0-0x000001EE30830000-0x000001EE30852000-memory.dmp

memory/1260-1-0x000001EE30830000-0x000001EE30852000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-16 20:06

Reported

2024-07-16 20:08

Platform

win7-20240708-en

Max time kernel

119s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\018fc75b039711e4535c43f1d1c0f200N.dll,#1

Signatures

Detects Strela Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Strela stealer

stealer strela

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\018fc75b039711e4535c43f1d1c0f200N.dll,#1

Network

N/A

Files

memory/1476-0-0x0000000001D50000-0x0000000001D72000-memory.dmp