General

  • Target

    MPEG_ActiveX.06.36.0233.x86.msi

  • Size

    37.3MB

  • Sample

    240729-2ertnsybma

  • MD5

    d6ce324f669b7481db57dcb6569d1303

  • SHA1

    0734fd85d74af7e5bcc64f959352a926abe0b384

  • SHA256

    698c0b8ece8ae240667c4c2e024851e61693ab0c516e7ecd588ffcc1b6f4a2b2

  • SHA512

    3f9d885380115389c6668b54d37987f8deb7c6dd819f7cb52839eb66e8ef2b3b4d899bffcdba5fa3f70a7cd47d5795176372a4c5d72047aa9db3155e623cd026

  • SSDEEP

    786432:N0AfMHWjYBBrduanOx4482GzRh8NX5NBHNvjzm+TgtcJ5g:mHA6uUOx4482gRhmJvjzPkcJ

Malware Config

Targets

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks