strela | 543841377cef6c81504bbb616c6a2993d9e0b2c017391c025e57728b78d3de38

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 21:49

Target

10464eaba00ba676880117961b1c75d0N.dll
Size

213KB
MD5

10464eaba00ba676880117961b1c75d0
SHA1

21f7ee9675b0916b49c4e35986f2cb5bf61e87a6
SHA256

543841377cef6c81504bbb616c6a2993d9e0b2c017391c025e57728b78d3de38
SHA512

9c37b3cd2b5b36e88874b5b12a3803798ae10f8c982f3534023232423160514a5f6f9eef81b44ec08176d0cd0f1feff0573790cd87975867131ba5bc285f80d9
SSDEEP

3072:PUP25lVasgonJw9FRpxNUM0QT/ne4E5OtIcOZijRxUdldZfl2wszJKNyQIW11btK:cP25HasJHQT/hIcOZKxWldujiIS1dUB

Score

10^/10

strela stealer

Family

strela

45.9.74.176

Attributes

url_path
/server.php
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537

Detects Strela Stealer payload 2 IoCs

resource	yara_rule
behavioral1/memory/1792-1-0x0000000000300000-0x0000000000322000-memory.dmp	family_strela
behavioral1/memory/1792-0-0x000007FEFAF40000-0x000007FEFAF7D000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\10464eaba00ba676880117961b1c75d0N.dll
1⤵
PID:1792

memory/1792-1-0x0000000000300000-0x0000000000322000-memory.dmp

Filesize
136KB

Download
memory/1792-0-0x000007FEFAF40000-0x000007FEFAF7D000-memory.dmp

Filesize
244KB

Download