General

  • Target

    ae1c457e4968758551c0e99ce62cb87c02b6c134afda6d1d700da3b37a2d7610

  • Size

    21.4MB

  • Sample

    240728-25gfmazgjk

  • MD5

    193642adb57aec509ba3fd698a09efd2

  • SHA1

    d9166b6ac1c069f028188357ff40256d7395868c

  • SHA256

    ae1c457e4968758551c0e99ce62cb87c02b6c134afda6d1d700da3b37a2d7610

  • SHA512

    507c9698f6d9b2def0f60641b5eeef5a13a55f0a492af62abae7345b9b01d3cef490a689ff98fe899b2188cb4d3d74b1a655dccf370f31d01ca7fbca2041bc5e

  • SSDEEP

    393216:Es5Q1AuX1FFetKFOfzJyb2omyUw7RLo4WRsyo1fL79UXPj5MXHQqkJGlF:Es52AuXHQagzJk+yUwBo5oHUXPFkQ3K

Targets

    • Target

      ae1c457e4968758551c0e99ce62cb87c02b6c134afda6d1d700da3b37a2d7610

    • Size

      21.4MB

    • MD5

      193642adb57aec509ba3fd698a09efd2

    • SHA1

      d9166b6ac1c069f028188357ff40256d7395868c

    • SHA256

      ae1c457e4968758551c0e99ce62cb87c02b6c134afda6d1d700da3b37a2d7610

    • SHA512

      507c9698f6d9b2def0f60641b5eeef5a13a55f0a492af62abae7345b9b01d3cef490a689ff98fe899b2188cb4d3d74b1a655dccf370f31d01ca7fbca2041bc5e

    • SSDEEP

      393216:Es5Q1AuX1FFetKFOfzJyb2omyUw7RLo4WRsyo1fL79UXPj5MXHQqkJGlF:Es52AuXHQagzJk+yUwBo5oHUXPFkQ3K

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials, first seen in late 2022.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/Banner.dll

    • Size

      3KB

    • MD5

      4a90d392c9da5f0b90a75baf67c37e4c

    • SHA1

      73e875dafefaa16def7f77a428a5c131b7b9837e

    • SHA256

      045bd54299e1cf2d9e68f64e233f30c8a2c455d72645d4a4a9ca8874a7c510ac

    • SHA512

      82014b8fb94da3d158ef68a2488eb594bcf27d31132b4bbf2f4c441d00ed9d374d78cd013a1af6c59fd03716bf5c429cddf77c43e1e171df24086b70b7b9a13d

    • Score

      3/10

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      67d8f4d5acdb722e9cb7a99570b3ded1

    • SHA1

      f4a729ba77332325ea4dbdeea98b579f501fd26f

    • SHA256

      fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7

    • SHA512

      03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f

    • SSDEEP

      192:CsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5m78ozxGUWumle:CsUHd9GN2d2iwl0impATIPdA78Ov6

    • Score

      3/10

    • Target

      $PLUGINSDIR/MyLangDLLS3.dll

    • Size

      5KB

    • MD5

      7050cd061f2ddac010e3382a57d5ede4

    • SHA1

      a0a1e5e89fb230dfa3c76ee15b0e51abead32282

    • SHA256

      dfca83b19ee2fe36479e9c1ceef2eb45b08851236dcf7a958141b1af03d27a21

    • SHA512

      5f8472dd37a1cc1aecad78610b71670989715a15f8911e658ce7da4c4b2d428f866c9e61df30f6660d91dd365b1c055676ef3a3f6ec77d826ef11175a713455e

    • SSDEEP

      48:aYZvMWeApYxYlxamAWHN+EuWkGWBBWAGr9SdLB8mT/59DvZVSA:JyWGSxamjHNDuWRWBBWvmT//RV

    • Score

      3/10

    • Target

      $PLUGINSDIR/MyLangDLLT3.dll

    • Size

      5KB

    • MD5

      7daf32a01b28aa866efd69b4eb982c80

    • SHA1

      19b3587faab67bb817fe69dd6db28e779a284126

    • SHA256

      a959bc1ba7e20880b54e01506630bdbd578e7217ee93ff4505f3f35365eae3ce

    • SHA512

      8a5afab0b881b76d507611d50807ee22be234c5ccea629bc2117dc8e22b086d4dfc05508e50c483054609f47d84bfd57c423a87699f9a8458411826209f67f29

    • SSDEEP

      48:aYZ7wWeApYxYlxamAWHN+EuWkGWBBWAGr9SdLB8mU59D/ZVSA:JyWGSxamjHNDuWRWBBWvmU/BV

    • Score

      3/10

    • Target

      $PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll

    • Size

      5.8MB

    • MD5

      2e13e03b7cf2d8c8338bbc3d29fd3e07

    • SHA1

      173e6e67c5315474765dcd303b3214d5600c48ea

    • SHA256

      ea1552de423ed1768bace344d9a07bf529845c75fe6fc6ce3c4ba91d4aae5409

    • SHA512

      94220a07aea2f4a45ef6b7566baba5a9ce73e70236bf97fc2489bee50b662f3fd05824d7804dd544eef85d73e69091aaae5de3094f0866bf51521024eb3d168d

    • SSDEEP

      98304:eF0Kg9frmFcqlMZ4vpHfOVlQnzW4Aogn/oXFdAaTZ8GcB7d0:eFFA7t2RHfYlQZJgTamGcBi

    • Score

      3/10

    • Target

      $PLUGINSDIR/Plugin.dll

    • Size

      2.1MB

    • MD5

      67ad13de4800015f22cffaa96e1cdd41

    • SHA1

      542fb5baeea3f3b7ebdc70061790612ae9bfd0dc

    • SHA256

      ea847b3e559321f8825d4339ad503b8082546ad7f9ae1d8373914f2ffaf3e6a2

    • SHA512

      c2f776d6b4091dcc241ca25d3d1134f7487f6ffd1e58b6108d3dae655cdb949c3ded8a03a952ec33947c61cb0213fde25b79992ca86327e380f30140a881a79b

    • SSDEEP

      49152:sLiFc4XSrTu9TCEl/EswofHbTdTqTDvqPe:IiFc4XSrOHE8fHPe

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      959ea64598b9a3e494c00e8fa793be7e

    • SHA1

      40f284a3b92c2f04b1038def79579d4b3d066ee0

    • SHA256

      03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    • SHA512

      5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    • SSDEEP

      192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe

    • Score

      3/10

    • Target

      $PLUGINSDIR/cService.dll

    • Size

      12KB

    • MD5

      5bdb316e8d16364561e06249bb89457e

    • SHA1

      21d95c8d86baf08a3e077cf3d3683c3f69aa1ddf

    • SHA256

      ba9e6519daebd5ba4b9b46bbd03f5bc5bded03d0c64880ad0ed16d52dbd62789

    • SHA512

      550e7554143904a27c49f424666c76dcca0c17a316b0c05f0e775ba8e164f22de095f85ba77a557352794cf8630a235943f2b1db4be7c870b638835bd280f0de

    • SSDEEP

      96:0TbXaUVGsG6H+gqGP1LNT5NI8JXslshW8a69Ekp7fT8seaMT7Wz:07wFa+gHP/dHaig8aZkRfo2MvW

    • Score

      3/10

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      472KB

    • MD5

      4eba22ff92acbcd1097f6c93a9a58dad

    • SHA1

      f5a83d5d5f9ffc45b35dd402d35aafb3d60fe07a

    • SHA256

      7749ded2fef94814aaa6b88df2bf3ca1761a89d3e5a6b43f944b21cfc6c10b09

    • SHA512

      b02e3cf9b1a97a643b0f185284960c135a17c205c830b86aea6cf8a4459aedbf32393e8dcedd0ff5254fd2c0c3f923211f980a66a174c742d8797d11a9746770

    • SSDEEP

      12288:sDIvvPI8a85hcpHyPnFAx9nTRqq6mmzDvuBc:sDInPI8aZpyWx9nTRqq6mm3

    • Score

      3/10

    • Target

      $TEMP/TemporaryComodoProduct/CBU.exe

    • Size

      11.6MB

    • MD5

      2c6d19e7d5f91b5ef322df2f30e6ad53

    • SHA1

      2acd52bbe67614ea784899e9a96898bb2d5908ff

    • SHA256

      442f3b1a6a282dedaf4e39de36af4bcce2c0b0c145d8895c7f236bc8576c84b6

    • SHA512

      d5db241a31693128199bbe588c9091c503c81b55bfdf5cb380a83f4a00a783aff3cbca25e03d3f1763f057b6f056c805d0ee093c6022baf08584f5ee3c85ec6f

    • SSDEEP

      98304:GN8nfosYu8Ok2ZPtHGuVGSjk3pH9NOi/59xF:GN8nf9udSelKinxF

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Network Service Discovery

      Attempts to gather information on the host's network.

    • Target

      $TEMP/TemporaryComodoProduct/COSService.exe

    • Size

      2.9MB

    • MD5

      3ba14b96288f0528628e5c16345ea557

    • SHA1

      26d1ebd32bdf71da55ea06b5efb0eae839227590

    • SHA256

      c62fce59e46f7fb2311ba66bb147dda8c67ee09918456319e3ff79749e3ca912

    • SHA512

      074c31956e3b85628682bb39d79b2d048522a2429b5d88406d6cf9d0f4ba842a9fe9ebfd659490b77e86649f3c5ab8e05e7e08bc35ac672c9ed7ebc18aabaa71

    • SSDEEP

      24576:fVKC+sZlMnPTEkL+Ba/Ne4tDPtb9NbpunZSDvPoLOXMZMoj+gu3tVVdyJFqZjVra:9Kj+DrZV7cTahOTQjQEdR1KVlSTtiqp

    • Score

      3/10

    • Target

      $TEMP/TemporaryComodoProduct/CSE.exe

    • Size

      4.4MB

    • MD5

      31937c9febacc5d52e75e9833ec43301

    • SHA1

      adc6023befe1b2016c82f3d1b5a78d74a2cf5e11

    • SHA256

      4904e78d4c43e14529d792d0006c149c1f5ab69234e1e78abb54632428a92662

    • SHA512

      a527b0b8b6a886038b45347a3889ef48893faa859293ac4ddf52d188ffcdecc7b29e20f6816adb329d369bef9da69d6053b98c4f8cca762cf70728045ba88f15

    • SSDEEP

      98304:nkBVg73kpKhFPPrOoeGVaKzGTeQQ2Lr1KM:nkBVg73kpKhFPPrOoeiw

    • Score

      3/10

    • Target

      $TEMP/TemporaryComodoProduct/GUIlang.dll

    • Size

      120KB

    • MD5

      fed55523c06f4e5ff6b2b81d8f322a09

    • SHA1

      6b985e4ca3e6a4847fe1ade0a5a502582935361e

    • SHA256

      8f4c5c4e83e45531505836a6665e0566142099a01cdd4cebdc4a40c2a3d31603

    • SHA512

      f0057d0d5d9e395b2c44408db2fb7cf60c39eed0922cefb508bcb66f6851d143beec734fd56523040cb02aa1e3221f684639849cae380b9e0b7a3d53fd824b39

    • SSDEEP

      3072:X7du2EuMkw1R6t5Zjzz9FJ+rML0NYBqV1vdtM6MJyFK0F5+kKYz3BKwpNdOk7r1K:LduhuM5yt7z9FgrMLmjvdtM6MJyFK0FC

    • Score

      1/10

    • Target

      $TEMP/TemporaryComodoProduct/GUIlang_CHI.dll

    • Size

      106KB

    • MD5

      de8eb072ee57d3f2dc7223f736a0d96a

    • SHA1

      990534d6c8487e6223086c8166135a6fc368d5de

    • SHA256

      e0cd9fbe9fe2059ccb8065a30c78a590a4678bf74641d0a9b951c8bd60eb0a8d

    • SHA512

      9c2cc1712a07f98621d18c6d43f855a7b28b29386db3c3a0ec069cd85a9623ebc0bc18f97ff171093043e316e9e7a017663ec3ea8e98edfc419681ec3c38a8e2

    • SSDEEP

      3072:FvSNMNGkW6t5Zjzz9FJLrML0NYBqV1vdtM6MJyFK0F5+kKYz3BKwpNdOk7r1cp9s:NSNMM6t7z9FFrMLmjvdtM6MJyFK0F5+4

    • Score

      1/10

    • Target

      $TEMP/TemporaryComodoProduct/GUIlang_CZE.dll

    • Size

      120KB

    • MD5

      be2104381cf88aaa233f5037492f4ec9

    • SHA1

      653c6b094c8c6d9cd70f9586cf730249dce7d994

    • SHA256

      f32ccbe6ae2c9e0b3ca12a3fc16229385e3f542fcdfc7f94e97901e91932fbd8

    • SHA512

      ffa11e9af64b89495ed389178a001a7d4519a68d7e246876373f5251cbdb7506cf90bcb4d6b856da3b6b60959e046c1a36469bda27c410c2fb4f426d710f4dbe

    • SSDEEP

      3072:X3du2EuMkw1R6t5Zjzz9FJhrML0NYBqV1vdtM6MJyFK0F5+kKYz3BKwpNdOk7r13:nduhuM5yt7z9FvrMLmjvdtM6MJyFK0Ff

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks

  Task          Tags                         Score
  static1       strela                       10/10
  behavioral1   strela, discovery, stealer   10/10
  behavioral2   strela, discovery, stealer   10/10
  behavioral3   discovery                    3/10
  behavioral4   discovery                    3/10
  behavioral5   discovery                    3/10
  behavioral6   discovery                    3/10
  behavioral7   discovery                    3/10
  behavioral8   discovery                    3/10
  behavioral9   discovery                    3/10
  behavioral10  discovery                    3/10
  behavioral11  discovery                    3/10
  behavioral12  discovery                    3/10
  behavioral13  discovery                    3/10
  behavioral14  discovery                    3/10
  behavioral15  discovery                    3/10
  behavioral16  discovery                    3/10
  behavioral17  discovery                    3/10
  behavioral18  discovery                    3/10
  behavioral19  discovery                    3/10
  behavioral20  discovery                    3/10
  behavioral21  discovery                    6/10
  behavioral22  discovery                    7/10
  behavioral23  discovery                    3/10
  behavioral24  discovery                    3/10
  behavioral25  discovery                    3/10
  behavioral26  discovery                    3/10
  behavioral27  -                            1/10
  behavioral28  -                            1/10
  behavioral29  -                            1/10
  behavioral30  -                            1/10
  behavioral31  -                            1/10
  behavioral32  -                            1/10