strela | 49a7d26eb8022c5edc59707b013f38d41ba8838f987e676f6385c3d46c7ab998 | Triage

Sharing

General

Target

6ee09985aad01926c5ec335e48c36950N.exe
Size

1.9MB
Sample

240724-lk7t3ssbmh
MD5

6ee09985aad01926c5ec335e48c36950
SHA1

e21abc81cb0516782168eda2bc1706f7bf1a3614
SHA256

49a7d26eb8022c5edc59707b013f38d41ba8838f987e676f6385c3d46c7ab998
SHA512

dafa5a6b7a4408f2e3d9b920ce4e03e45638ca767cb9dd585d7417bb6ce11b092287f08c7b97e9f8c9d2af7cdb6585dcb3c2bec36afdc22c460a5f0299e36a1a
SSDEEP

49152:Q8t9VWdeTu1rsEJHCPwVmb8AKe3kAIugoiau0zZEjafp:Q8qeTUsRP+AKSZzJR

Score

10^/10

strela discovery stealer

Malware Config

Targets

- Target
  
  6ee09985aad01926c5ec335e48c36950N.exe
- Size
  
  1.9MB
- MD5
  
  6ee09985aad01926c5ec335e48c36950
- SHA1
  
  e21abc81cb0516782168eda2bc1706f7bf1a3614
- SHA256
  
  49a7d26eb8022c5edc59707b013f38d41ba8838f987e676f6385c3d46c7ab998
- SHA512
  
  dafa5a6b7a4408f2e3d9b920ce4e03e45638ca767cb9dd585d7417bb6ce11b092287f08c7b97e9f8c9d2af7cdb6585dcb3c2bec36afdc22c460a5f0299e36a1a
- SSDEEP
  
  49152:Q8t9VWdeTu1rsEJHCPwVmb8AKe3kAIugoiau0zZEjafp:Q8qeTUsRP+AKSZzJR
Score

10^/10

strela discovery stealer
- Detects Strela Stealer payload
- Strela stealer
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $0
- Size
  
  47KB
- MD5
  
  c5477d003a23b0944dbcdbf25f886177
- SHA1
  
  7e1ed4c4b57abccb1fa33f0bad156af362a7131a
- SHA256
  
  ccd8bf688121e525ef6fbc6429d9b3a31a1f2ac1002b84bae2808fa46efde5ef
- SHA512
  
  d8414ba41e490fa517822cd2b18a07c1abec85ca800dd60fa6fc27484d69966de2e54dce6ad53040a359b772483600e137f157c4209e1eacb7252e61df78e962
- SSDEEP
  
  768:P65zgCynVlXWh1+OU/hYJweGvUAu3s8yTLPkfGnTEDLGRvycCB1:iqPlXa1vU/sweGs7sPTLPHKcCL
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $2
- Size
  
  2.2MB
- MD5
  
  8e1f07c8ec91b5c63eccd0c6cb00a027
- SHA1
  
  89afb7d39ed1935f25f8c43b60ab2fdcba58447f
- SHA256
  
  d82c089a395db0691c1c845b68c1b1743de8985feb47ec5e03f0db80a5c1b195
- SHA512
  
  138f90453e58a34f53cbd7d1700fbc9377c4d67f55119df5198d5575a1ab07e2d00e51562c14d9f8f8120169f2d977948a06cb600ba16c5d53e141b76e39f497
- SSDEEP
  
  49152:uxpVf/Sa5WFtRnCU/6T2hzSBZvvT9dPZpU7Up9rXCzT5Sp/VZt6pOd:GSa5ICU/T8vTw7U7C8VD
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $3
- Size
  
  1.7MB
- MD5
  
  69d7734b204b81b646d0f8576e7dc8d6
- SHA1
  
  a37786dcab45c963d44a135db52b21177847508b
- SHA256
  
  24316fd026bcf76caa990e27e3dfd38126fa5b71763fa576ccab43cba6eafb2e
- SHA512
  
  0d93c3b9f664c36af3568484352aa09925cf04f9ccdf07bf7a1c7dbd791cbb98b8c18043c8220fce0c9b3defab90586a86d2cddf225980518a3b9e854026c79d
- SSDEEP
  
  49152:a/dZ0ao9Uns/o6TW2uDg3riKPTHBRbBxvcaqxiJrcXKu4p/xTR3Z4HKHR:sZ0ayUnn6TW2uDg3riKPTHBRbBxvtqqN
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $COMMONFILES/supportdotcom/rang/driverinst.exe
- Size
  
  14KB
- MD5
  
  d438e54362ece5ca631db9e0f2d79aa1
- SHA1
  
  addf93978ac900407b4e13ca380bcf44eb9c491d
- SHA256
  
  e37410c361deab05416d28f6aff1a734630fcaefe0a3bf581df7b8fff65b4424
- SHA512
  
  f24bda5f8a4782062f71a97fea57f191090d1cfeb43db1bd92d1ff90745c39a25b50a82799c488c81018fc1e4e27bd9e4b52309e8ed6f2453edc897ac4606bd9
- SSDEEP
  
  192:Loyf/DNEJ92JOfs7QtJwnYe+PjPErQdq+v5r9ZCspE+TMwrq6n3:Tu92JOfs7QtJwnYPLtdqeMlW
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $COMMONFILES/supportdotcom/rang/driverinst64.exe
- Size
  
  16KB
- MD5
  
  38377a28f213b6bb042e60e4b457f516
- SHA1
  
  0499b92faa65cd1d00640715c998d2500ff4eebc
- SHA256
  
  ca67f164a2ee8be79fb156ac3cdbc154ea8a761bf49e88197c4c07a3a325a2a9
- SHA512
  
  e522e4a4157849612017af61b8e6db94c67503872a76fdfa1e342908f9292f296e7e462b8bf02155028e10e1860288bc5acb5490fa7b3136b19d6b8b68fe3319
- SSDEEP
  
  384:fDiM40qeRbrYezdNYtJwnYPLtdqeMd3qBO:fD5RgKNQ+t3/
Score

1^/10
behavioral11 behavioral12
- Target
  
  $COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.dll
- Size
  
  31KB
- MD5
  
  28b26600204f79045eda8f7fd8ca3c86
- SHA1
  
  b9f19e36b80eb862370d99b466664380440af6d5
- SHA256
  
  5140f07b878efd1b74ee9f5821a207d1cee65952702ff75c49a4522face230c6
- SHA512
  
  aebd4425b846883e1f49da18edf3b7c96a9fb9ddb7ce709938b21eae169bdaeb5ce6bf8593638b5c887b26de7476b793a4691a7d56e46796bb658f1e516ad3c1
- SSDEEP
  
  384:KzkRjefjUQ2IeuDLnoEGfNu5hPpObpgmNZy047rGAU0rnFM3b9YJLeUmbCJA13o:0yuYIPpO9gmNZy37rjUGncboLeBbCJc4
Score

1^/10
behavioral13 behavioral14
- Target
  
  $COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.sys
- Size
  
  9KB
- MD5
  
  1100066057fbf612b573efd3b21383f1
- SHA1
  
  f95db83ea936f1fe70583a4eca810da807167dfe
- SHA256
  
  894f5a999e03807dffea67938d2e456d50d9e5511fe91d2e2293c51d98b3d87d
- SHA512
  
  62850de88b00daeab3299fec2bbd9aa0b07f766b96f42392310cb4f23c9e50f0aa8bc87f82e28cd99c195ea205a26c083d048cbac3341861dcee4a5eabb9dea8
- SSDEEP
  
  96:nhVr58/4Yg+iPoHQjzQMLy+eloBw+ebCfMSy2R2KnlTkqs1IHb9S:nhm2+yowJL/elGw+ebCfRyQpkqs1I5S
Score

1^/10
behavioral15 behavioral16
- Target
  
  $COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.dll
- Size
  
  27KB
- MD5
  
  c48e3ca416da093ae18db54ebe8c13b3
- SHA1
  
  7d06586938d286cb03900a302633774b3653214a
- SHA256
  
  f7f6819a38b2dcc2541777a4a7ce3d85c4c27b8afd7513220c7388e3ad3f1b52
- SHA512
  
  30f5466e98e3273ebd8cd4c5eee35fbd0257bdd1874c3175ccc775d05aeee8d67dfd040b09bf14ac00a131e3e5b3c473f4ec078ed2ebf89d2b63999fc1c3c59e
- SSDEEP
  
  768:IEoI8qJUk4NOWX7rHvbY01aGkHSb9LeBbCJcw:zoI8quUsLY01azI9qRCSw
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.sys
- Size
  
  9KB
- MD5
  
  f843301bdadb2728822c83413ef5f132
- SHA1
  
  3d8b8514078b19cc98aed4b0d74d1497b79f3512
- SHA256
  
  c36cb4e972671c9c7fabfeedd20fd1e239afaf69ad88586a32b9b2c1fa2a2fdf
- SHA512
  
  552b28d05169bb52dd336d2b2b547bf0cde2f855f28109338544e98c63f27f22b6287a00b9addc0efe089670f5a844996b0a9eedc87d1d64d4086235047adb0c
- SSDEEP
  
  96:/OlR5IPbgYBiPoHQjzQMLy+eloBw+ebCfMSy2R2KnlTkqs1IHb9FPI:sXuyowJL/elGw+ebCfRyQpkqs1I5FPI
Score

1^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  ssranghk.dll
- Size
  
  39KB
- MD5
  
  83be0ee6c613d9efeb83c9dbbe553144
- SHA1
  
  1cb38f5859c79bf0eb1655aaebb226c3c11f5735
- SHA256
  
  6c02f0943a5fccd91c21f812c3817c52138d514123ecf52f95c761b0edfd5101
- SHA512
  
  e92bdf99976497991cb4c565237fa9d5d05d6d658e0e5302eed87baa12745455c07d1bdc307fe93260b34a5490b856d0ea1612b4ac6201c0c40c16014fc00b9b
- SSDEEP
  
  768:sX4j/ABFxIQ76prJnTMNhe9mnTEDk3vy+/Bm1M:60+F+Q7+rOzZu1
Score

3^/10

discovery
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

streladiscoverystealer

behavioral2

streladiscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24