General

  • Target: SetupBlumaticaDVR_4_0_0_0_mdg6eer2s.zip
  • Size: 863.0 MB
  • Sample: 240806-q81g5avcpe
  • MD5: f8ccf3c240f0ef1b7a4658632611d72a
  • SHA1: 0b0319ae81f30468b74f8bd05537b68560f4fab8
  • SHA256: dd28604698dda974477b81b2089781581038804b21b3343dc7adf39d24ad407a
  • SHA512: bff4ead05ed4f7352f63c49a96dd35e5e7fc014d1aad5c02e9064f4041828f6ecc2801aec476f394912bb9b32793e1bbb8c266df63d76e8e0c5277196e9e314c
  • SSDEEP: 25165824:PiH+Yr+lZUkmt7EF1nZr8RDb58DRuEGv/6z2a75jJLLiFO+vRjO03iQEEyU:tYr+luXpM1np8pbiD0EG36zP5jJXiFO0

Malware Config

Targets

    • Target: SetupBlumaticaDVR_4_0_0_0.exe
    • Size: 870.2 MB
    • MD5: 8efd5fba99cb469a78da83199c7390a6
    • SHA1: 1c1d4ac63ad9d9507214c3894254c669d0620217
    • SHA256: a3523236051087f10f4ecbdbd088049f3ddc9f94803486641ded3d02d3ac7391
    • SHA512: 802f09d33e63075a635bfcff0bb2bf9d4f315e83549b33a2ec64fbb47b48ff0bbc724116a5c7ec823b8143414e3fcc3f80ac70c43000c33daf5fcee191e2bcc8
    • SSDEEP: 25165824:DxAKJQ1HffYXDnJ56cPcSPZ46J/uVDRoST8FsZK/0WV4ruADe0GAf:NJQhXYTJ57P7Pa6J/KDRL8FsA/0WV4r5

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks