General

  • Target

    91ff99594f87c113f6087359093099cdbbc1fc19b1a03bee9b52ed86a47c2835

  • Size

    9.2MB

  • Sample

    240811-nlzwza1hpa

  • MD5

    8a29ee4ccd2779668d258394c02152ac

  • SHA1

    ca444de215e92b705d2b4a9d64fafb02fafc09bd

  • SHA256

    91ff99594f87c113f6087359093099cdbbc1fc19b1a03bee9b52ed86a47c2835

  • SHA512

    032a281a5e95adb6f15587f9bcea27a3797bc65759a2605443f561f4dc629346a9750d09b18d00086cc020722bd2c8c515fd25feba2fc17f09024f4c845891e7

  • SSDEEP

    196608:RhV1pMzHQCMFGldOAo49m5ckxDDNLpTgUsPVAaKxj10vK2/X6htH/XT:R3XMzaGw49mL5JpTgdOaMy/XC/D

Malware Config

Targets

    • Target

      91ff99594f87c113f6087359093099cdbbc1fc19b1a03bee9b52ed86a47c2835

    • Size

      9.2MB

    • MD5

      8a29ee4ccd2779668d258394c02152ac

    • SHA1

      ca444de215e92b705d2b4a9d64fafb02fafc09bd

    • SHA256

      91ff99594f87c113f6087359093099cdbbc1fc19b1a03bee9b52ed86a47c2835

    • SHA512

      032a281a5e95adb6f15587f9bcea27a3797bc65759a2605443f561f4dc629346a9750d09b18d00086cc020722bd2c8c515fd25feba2fc17f09024f4c845891e7

    • SSDEEP

      196608:RhV1pMzHQCMFGldOAo49m5ckxDDNLpTgUsPVAaKxj10vK2/X6htH/XT:R3XMzaGw49mL5JpTgdOaMy/XC/D

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/AdvSplash.dll

    • Size

      6KB

    • MD5

      13cc92f90a299f5b2b2f795d0d2e47dc

    • SHA1

      aa69ead8520876d232c6ed96021a4825e79f542f

    • SHA256

      eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb

    • SHA512

      ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3

    • SSDEEP

      96:6hNSXIcmYjkvTS6MnBNZ1BMjDfhkkEkkXstWpPwoS:JXIpzTSd1BSk/kJtWpP

    Score
    3/10
    • Target

      $PLUGINSDIR/Bass.dll

    • Size

      101KB

    • MD5

      a8af308ff01b4477657955fbf0cc8408

    • SHA1

      0794c059f0326e4a71be8a3ee4ac17a657d90d88

    • SHA256

      14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594

    • SHA512

      9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd

    • SSDEEP

      3072:kR+vccy3LIweO1vFCLPkG9dfSD0BXZXmpw69Qe:S+vccy3hF1vFCT99dTBX5mupe

    Score
    3/10
    • Target

      $PLUGINSDIR/GetVersion.dll

    • Size

      8KB

    • MD5

      e013b625f5ae1e2f0b442cf39c0069df

    • SHA1

      9ec785b63279144c091366badda65278c4cdee20

    • SHA256

      16dd6da98b7e53d374830cd4c644c01b112955f8487a285f34dc0353e9cfac15

    • SHA512

      306f7e674d119d129db48012c43f825bffabd078fac8518aea9d514b0787752a2e876bda2ad15df7332bfc8cfba38a0d1be17ee7c58a27e09678fce9aec58418

    • SSDEEP

      192:9r/9XGqK7s/AlHdJZBi46AQ5VuNxHA8/1:HXGqM93Bi46AQ5Vujg8/1

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll

    • Size

      5.8MB

    • MD5

      028251654a4d65509aa8ccb5f2ee284a

    • SHA1

      4a4ad468a86df6b903002be4f8919017fea0c152

    • SHA256

      8b25cf3f7aa82fadccb2ce615ce0e40c5a8a3ea7bc51180a92173ee113a0ccfe

    • SHA512

      f252670bca0da9e8e2c519a6ef4ad6dd0c4e548aeb7566693a7d203e73e63345fc58683072020ef771d836429bed1d7b4fdf105aa3e62a969e9c8d39556e1d2d

    • SSDEEP

      98304:kj0Kg9frmFcqlMZ4vpHfOVlQnzW4Aogn/oXFdAaTZ8GcB7d0s:kjFA7t2RHfYlQZJgTamGcBis

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/bass.dll

    • Size

      101KB

    • MD5

      a8af308ff01b4477657955fbf0cc8408

    • SHA1

      0794c059f0326e4a71be8a3ee4ac17a657d90d88

    • SHA256

      14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594

    • SHA512

      9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd

    • SSDEEP

      3072:kR+vccy3LIweO1vFCLPkG9dfSD0BXZXmpw69Qe:S+vccy3hF1vFCT99dTBX5mupe

    Score
    3/10
    • Target

      License Agreement.rtf

    • Size

      9KB

    • MD5

      f9bf3d56d6ab6230cfe14d1e99a8ff5f

    • SHA1

      171b4c6a799e9dc713595f1593b5f17212adbc3b

    • SHA256

      ec00e5ab12c462d668128d4f37b5512d84fa3306e964eb7403fd80b8862cf6ea

    • SHA512

      5db2ee969fb938e04edd648c7879480a32ebe06c472a6151d508f9d59e62b44dab8939a10781a551999b8a82b7292e30afa6d972900c366e3c44ebf29a78af3f

    • SSDEEP

      192:4fc8NrGFVoi/TMTBRYQIXbAZU7fWPPm6suX3NUTh67osZMYHOYo0zqOl2:eGUVIrAZUK46/7fu10mK2

    Score
    4/10
    • Target

      Voxengo Primary User Guide en.pdf

    • Size

      718KB

    • MD5

      498f20c783ba8aa1933f14bce3e3e624

    • SHA1

      2404e09bc5897d9e113f6647c89c5da1fd70774d

    • SHA256

      5887433efe6f65010ffc47e839dfd77ffba1d47af1ddc362aa0a9bb905796f85

    • SHA512

      196953ea65fbc4d384adc4043b05cd70bb59f773ae3b99fe580306f4a7da9be3fa87213eec3c5d7e78360b6059a1a3140dad55f8e925a19e134cc8f25b3de86b

    • SSDEEP

      12288:gr2FToSekuUK4xQ99X7n299TZNFu+avfJgTiFyib90/Bqm:gr2ZoSXlxxQfX7ek5r4ib92j

    Score
    3/10
    • Target

      Voxengo Voxformer User Guide en.pdf

    • Size

      616KB

    • MD5

      070a82c098fd1a6a042ff0dbe52f156d

    • SHA1

      117dca73f9ed890bf44c0f9ed3055d32c77070cb

    • SHA256

      6b2372594e5f1f6828bfe2519531fc8427dfc3b829763af34d478907a8c5a5f5

    • SHA512

      290af58847bb13f81a7396fdc07ac3d2fa9063bc99a7786ffd64d1176a001fcf5dc526056bd4f9bc43b129d74d3b242b8a2c099ceeb01807d05fc653c3e5898c

    • SSDEEP

      12288:gHIeFyYc31LwiYOZPcH9pzQ1WR4XOWUNGU:gVFIwEZPcp01WR4+NH

    Score
    3/10
    • Target

      Voxformer x64.dll

    • Size

      17.9MB

    • MD5

      aff97189d9460d0019f52fbd574afb65

    • SHA1

      5ad0878ddcffeb79e5c4ce835f2515d5e3da3ed5

    • SHA256

      f413737fbd10e378385b0159deec14637d617d7ebbd4484c3bd68453f7b8d7a1

    • SHA512

      18e98d42d8e5cf654cf0bded2b35aac02cd187273e9d6a19470c8d9ae35b402e1e70ceaa3f48be64e7f27116b75e3c479937aa6ef803648dbed839a8facffc47

    • SSDEEP

      196608:KzviydGaA1ihl6KVjUKeAzKaNN/La5sRMCF:1S6KBzvNm5x4

    Score
    1/10
    • Target

      Voxformer.dll

    • Size

      16.0MB

    • MD5

      a9a0e3b77b6ffdd37f642ebb3d74c8df

    • SHA1

      a0416c8f4daf49b2bb1f012712a29dacf9165650

    • SHA256

      be0763ec8b80b9ba72e14d70b3a371057a7a13b775510caf0a57393d1b2a5505

    • SHA512

      c13a5ff3565a7812bd773e50b37669dd9a6ad30437eeacde4903e8a355f68c49a3967ee53757a51f84bb01b09e888f73965de78d433791f38af59d33081bbb21

    • SSDEEP

      196608:4vKVGPWRa9C3NFUimqLyFAzKaNN/La5sRMCF:hVGPj92Ty+zvNm5x4

    Score
    3/10
    • Target

      uninstall.exe

    • Size

      38KB

    • MD5

      544bfa470a667ecef7d6c7a655d50148

    • SHA1

      96201fa4bf973c0b9592883e9fa7dc7ad2a8111a

    • SHA256

      599b7a683d1de7c886efc0561e05a0579caac67ee14cdb81f8494959ad2565e1

    • SHA512

      d866678ce6f9cd87ce144c65fe31f721e7ca7b157df89592f956fc2d2bc129d58730e0e3e0073fffcc274d66448f1a90dddb160d3d24576e812d82ab6f813a27

    • SSDEEP

      768:c4wO7XBz+5Qm3W0tYdrQZHV4EWuWEUOg4jjfS3XJ3Tlt:PLXB65939tY6HBg4sXJ3Tlt

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

strela
Score
10/10

behavioral1

streladiscoverystealer
Score
10/10

behavioral2

streladiscoverystealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
4/10

behavioral18

Score
1/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
7/10

behavioral28

discovery
Score
7/10