General

  • Target

    9070036232769ef3d265188fff67ea50N.exe

  • Size

    1.9MB

  • Sample

    240816-x8s7dawdrq

  • MD5

    9070036232769ef3d265188fff67ea50

  • SHA1

    1d1aabe9cc3e2259452e31c8bcaddfbd845fc003

  • SHA256

    061be13ea4ba484514d798f70838648d72f09a5ca6c58a608d9b6d28e63146d1

  • SHA512

    a3397b4f583b2839be791552515c063d3d5505909449ef94370e1e6163a0b1e8d359a8d19273c911b4b49bfc4537737631b7677aa759014723d79df8b2d8ea9f

  • SSDEEP

    49152:8gwH+Hl2+jmaJhsYAH5e6duUPUau0rqURpUpE129j:pF2+/ZAHRu0UwmypUrJ

Malware Config

Targets

    • Target

      9070036232769ef3d265188fff67ea50N.exe

    • Size

      1.9MB

    • MD5

      9070036232769ef3d265188fff67ea50

    • SHA1

      1d1aabe9cc3e2259452e31c8bcaddfbd845fc003

    • SHA256

      061be13ea4ba484514d798f70838648d72f09a5ca6c58a608d9b6d28e63146d1

    • SHA512

      a3397b4f583b2839be791552515c063d3d5505909449ef94370e1e6163a0b1e8d359a8d19273c911b4b49bfc4537737631b7677aa759014723d79df8b2d8ea9f

    • SSDEEP

      49152:8gwH+Hl2+jmaJhsYAH5e6duUPUau0rqURpUpE129j:pF2+/ZAHRu0UwmypUrJ

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials, first seen in late 2022.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $0

    • Size

      47KB

    • MD5

      477ae0b984507516552b27ec80809eaa

    • SHA1

      ae1af819d153128d9f55ac9e09430004f824ad6f

    • SHA256

      f8a2c8d8b0f7fd0332930d3d18517df3c98a6ab2814d9a5f03e35f72774359d3

    • SHA512

      f3a852d408a17411c6878e64bf08e2965191d71098216091ba18ab9582900d7e0b59795bf7307689213b4507cf248848e80920456c4d975787751527447d196e

    • SSDEEP

      768:a65zgCynVlXWh1+OU/hYJweGvUAu3s8yTLPksGnTEDLDRvyPCB1:nqPlXa1vU/sweGs7sPTLPUPPCL

    • Score

      3/10

    • Target

      $2

    • Size

      2.2MB

    • MD5

      3c58ee787f100d9c124fde7d41e2b40c

    • SHA1

      794539da76db30d2193bc0e7f705a66816994773

    • SHA256

      9ba659ce26f5e4bc1dd98d7d41ac1514bb2853d68c3d56707f7a050cfb08ed87

    • SHA512

      2340c7f37ff53fcc9cecc77b0e87f6b86600f3cd08aa8bb0da87b9e041943cfcac87d6660187611cf7ee0eeb900a6f28272251bd60e0f2664da0e49c19667a5f

    • SSDEEP

      49152:OxpVf/Sa5WFtRnCU/6T2hzSBZvvT9dPZpU7Up9rXCGT5Sp/VZt6H/a:mSa5ICU/T8vTw7U7CtV/

    • Score

      3/10

    • Target

      $3

    • Size

      1.7MB

    • MD5

      867f418fffc2dd61dd3fc065f4ab29bb

    • SHA1

      9558d4995c70048cfcd7cfd4718f38babd6ba581

    • SHA256

      2d2648a2e454e1637086d90b0a9071df66dd3de61c42ae88e4b1362aa51b21e4

    • SHA512

      ebcaa8e676509b56bae4318ca800383b8b306b8425a0a5e4c55c69a9bc38937a5f806874924efb8b6f6b0624ad0c09b140c4c63127a2573069ac178f03817238

    • SSDEEP

      49152:D/dZ0ao9Uns/o6TW2uDg3riKPTHBRbBxvcaqxiJrcXKu4p/xTR3Z4HK4S:RZ0ayUnn6TW2uDg3riKPTHBRbBxvtqqt

    • Score

      3/10

    • Target

      $COMMONFILES/supportdotcom/rang/driverinst.exe

    • Size

      14KB

    • MD5

      ae68f797651e2da0447bd2f28aaa31b7

    • SHA1

      e3d1981e36f163c2947e60df1aef7ab208e18435

    • SHA256

      a5d6b459ce511916464facd547685dfe548fff00cc312c246ce61fc1e1328345

    • SHA512

      da5e5a14571ba6e8f09276e944860a531470d0708517f732c85f0ec48a1d48e9b1ef0c34a8a7ef27727e07aee6ccae24fff028440de020de26bc7cd4f9baedf2

    • SSDEEP

      192:loyf/DNEJ921Ofs7hM52nYe+PjPErQdq+v5r9ZCspE+TMwrqE1gQR:pu921Ofs7hM52nYPLtdqeMdC

    • Score

      3/10

    • Target

      $COMMONFILES/supportdotcom/rang/driverinst64.exe

    • Size

      16KB

    • MD5

      198aecd00486eadd45b763ecf6b850ef

    • SHA1

      8141e2a173f5ed8a1ee4111a9dbf3973f87583e7

    • SHA256

      da94f1da1d256ad7edcacb856d7712fae587714e8372462871b9b8390697e66e

    • SHA512

      9968dc12d98ca2e7a4d6a90f01228d27c2c67f46cfe2e5cac61c1ada698e84e1fd43afd7b30dd30240ed6eea1ff5fb6e1f9ba7d15303baa889a34f24d4f46703

    • SSDEEP

      192:eDiM4Cvk+sej9brlWzyON4M5AKnYe+PjPErQdq+v5r9ZCspE+TMwr7ROe:eDiM40qeRbrwzdN4M5/nYPLtdqeM0D

    • Score

      1/10

    • Target

      $COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.dll

    • Size

      31KB

    • MD5

      28b26600204f79045eda8f7fd8ca3c86

    • SHA1

      b9f19e36b80eb862370d99b466664380440af6d5

    • SHA256

      5140f07b878efd1b74ee9f5821a207d1cee65952702ff75c49a4522face230c6

    • SHA512

      aebd4425b846883e1f49da18edf3b7c96a9fb9ddb7ce709938b21eae169bdaeb5ce6bf8593638b5c887b26de7476b793a4691a7d56e46796bb658f1e516ad3c1

    • SSDEEP

      384:KzkRjefjUQ2IeuDLnoEGfNu5hPpObpgmNZy047rGAU0rnFM3b9YJLeUmbCJA13o:0yuYIPpO9gmNZy37rjUGncboLeBbCJc4

    • Score

      1/10

    • Target

      $COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.sys

    • Size

      9KB

    • MD5

      1100066057fbf612b573efd3b21383f1

    • SHA1

      f95db83ea936f1fe70583a4eca810da807167dfe

    • SHA256

      894f5a999e03807dffea67938d2e456d50d9e5511fe91d2e2293c51d98b3d87d

    • SHA512

      62850de88b00daeab3299fec2bbd9aa0b07f766b96f42392310cb4f23c9e50f0aa8bc87f82e28cd99c195ea205a26c083d048cbac3341861dcee4a5eabb9dea8

    • SSDEEP

      96:nhVr58/4Yg+iPoHQjzQMLy+eloBw+ebCfMSy2R2KnlTkqs1IHb9S:nhm2+yowJL/elGw+ebCfRyQpkqs1I5S

    • Score

      1/10

    • Target

      $COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.dll

    • Size

      27KB

    • MD5

      c48e3ca416da093ae18db54ebe8c13b3

    • SHA1

      7d06586938d286cb03900a302633774b3653214a

    • SHA256

      f7f6819a38b2dcc2541777a4a7ce3d85c4c27b8afd7513220c7388e3ad3f1b52

    • SHA512

      30f5466e98e3273ebd8cd4c5eee35fbd0257bdd1874c3175ccc775d05aeee8d67dfd040b09bf14ac00a131e3e5b3c473f4ec078ed2ebf89d2b63999fc1c3c59e

    • SSDEEP

      768:IEoI8qJUk4NOWX7rHvbY01aGkHSb9LeBbCJcw:zoI8quUsLY01azI9qRCSw

    • Score

      3/10

    • Target

      $COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.sys

    • Size

      9KB

    • MD5

      f843301bdadb2728822c83413ef5f132

    • SHA1

      3d8b8514078b19cc98aed4b0d74d1497b79f3512

    • SHA256

      c36cb4e972671c9c7fabfeedd20fd1e239afaf69ad88586a32b9b2c1fa2a2fdf

    • SHA512

      552b28d05169bb52dd336d2b2b547bf0cde2f855f28109338544e98c63f27f22b6287a00b9addc0efe089670f5a844996b0a9eedc87d1d64d4086235047adb0c

    • SSDEEP

      96:/OlR5IPbgYBiPoHQjzQMLy+eloBw+ebCfMSy2R2KnlTkqs1IHb9FPI:sXuyowJL/elGw+ebCfRyQpkqs1I5FPI

    • Score

      1/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      ssranghk.dll

    • Size

      39KB

    • MD5

      8cab6c22e508bf8add2f61d1a5e74786

    • SHA1

      08a666d8bce25ba81b0473462d8d831b30c8b2ce

    • SHA256

      53ad29f3cf9019c4104649c3e7c670643cb665e737001ef9541d876e939ade4a

    • SHA512

      952c9d51159def01e1a9533306e07a91dbcef7e3175a3362fc783437952fd0fe51a8a0e1eb1b9b6a13ed8cb00e64593d02b3f24be6d5d4bdb827417a5d999b89

    • SSDEEP

      768:cX4j/ABFxIQ76prJnTMNheNmnTEDV3vy6/Br1M:K0+F+Q7+rOzNTY

    • Score

      3/10
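The behaviour tags on the first target ("Drops file in Drivers directory", "Drops file in System32 directory", "Executes dropped EXE", "Loads dropped DLL") are derived by the sandbox from the order of file-create, process-create and image-load events. The script below is an added example, not part of this report and not the sandbox's own matcher: it re-derives those four tags from a constructed Sysmon-style event stream. The file names are taken from the dropped-file list above, but the directories they are written to and the event order are invented, because the report does not say which file lands where.

```python
"""
Re-deriving four of this report's behaviour tags from an event stream.

Added example, not part of the sandbox report. The event lines below are
constructed for this example in a Sysmon-like tab-separated key=value form:
file names come from the report's dropped-file list, the directories and
process IDs are invented.
"""
from dataclasses import dataclass


@dataclass
class Event:
    kind: str   # "ProcessCreate", "ImageLoad" or "FileCreate"
    path: str   # spawned image, loaded module or created file


# Sysmon event IDs used here and the field that carries the path.
SYSMON_KINDS = {
    1: ("ProcessCreate", "Image"),
    7: ("ImageLoad", "ImageLoaded"),
    11: ("FileCreate", "TargetFilename"),
}

SYSTEM32 = r"c:\windows\system32"
DRIVERS = SYSTEM32 + r"\drivers"


def parse_line(line: str) -> Event:
    """Parse one tab-separated key=value line into an Event."""
    fields = dict(kv.split("=", 1) for kv in line.rstrip("\n").split("\t"))
    kind, path_key = SYSMON_KINDS[int(fields["EventID"])]
    return Event(kind, fields[path_key])


def norm(path: str) -> str:
    """Case-insensitive, backslash-only form for path comparison."""
    return path.replace("/", "\\").lower()


def tag_events(events) -> set:
    """Behaviour tags supported by the stream, evaluated in event order.

    A file counts as "dropped" only after its FileCreate has been seen, so an
    exec or load that precedes the drop does not fire the tag.
    """
    tags, dropped = set(), set()
    for ev in events:
        p = norm(ev.path)
        if ev.kind == "FileCreate":
            dropped.add(p)
            parent = p.rsplit("\\", 1)[0]
            if parent == DRIVERS:
                tags.add("Drops file in Drivers directory")
            if parent == SYSTEM32 or parent.startswith(SYSTEM32 + "\\"):
                # drivers\ sits under System32, so a driver drop fires both tags
                tags.add("Drops file in System32 directory")
        elif ev.kind == "ProcessCreate" and p in dropped:
            tags.add("Executes dropped EXE")
        elif ev.kind == "ImageLoad" and p in dropped:
            tags.add("Loads dropped DLL")
    return tags


# Constructed sample log (invented placements; see module docstring).
SAMPLE_LOG = [
    "EventID=11\tProcessId=1200\tTargetFilename=C:\\Program Files\\Common Files\\supportdotcom\\rang\\driverinst64.exe",
    "EventID=11\tProcessId=1200\tTargetFilename=C:\\Program Files\\Common Files\\supportdotcom\\rang\\ssranghk.dll",
    "EventID=1\tProcessId=1344\tImage=C:\\Program Files\\Common Files\\supportdotcom\\rang\\driverinst64.exe",
    "EventID=11\tProcessId=1344\tTargetFilename=C:\\Windows\\System32\\drivers\\ssmirrdr.sys",
    "EventID=7\tProcessId=1200\tImageLoaded=C:\\Program Files\\Common Files\\supportdotcom\\rang\\ssranghk.dll",
]


def tags_for_log(lines=SAMPLE_LOG) -> set:
    """Tags for a list of log lines; defaults to the constructed sample."""
    return tag_events(parse_line(line) for line in lines)


if __name__ == "__main__":
    for tag in sorted(tags_for_log()):
        print(tag)
```

Ordering is the point: the same five events with the ProcessCreate moved ahead of its FileCreate yield no "Executes dropped EXE", which is what separates a dropped-and-run file from a pre-existing binary that merely happens to be created later.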
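The hash tables above are the report's reusable output. The script below is an added example, not part of the report and not code from the sample: it turns the MD5/SHA256 pairs into an offline IOC check and resolves the target names to on-disk paths. The interpretation of names starting with `$COMMONFILES`, `$PLUGINSDIR` or a `$<digit>` register as NSIS installer variables, and the default `C:\Program Files\Common Files` location for `$COMMONFILES`, are assumptions of this example and are not stated in the report; `$PLUGINSDIR` and `$0`/`$2`/`$3` are left unresolved because their values only exist at install time.

```python
"""
Offline hash/path IOC check built from this report's dropped-file table.

Added example; not part of the sandbox report and not code from the sample.
Assumptions not stated in the report: target names beginning with
$COMMONFILES, $PLUGINSDIR or a $<digit> register are treated as NSIS
installer variables, and $COMMONFILES is resolved to the NSIS default
"C:\\Program Files\\Common Files". Hash values are copied from the report.
"""
import hashlib
import os
import re

# (MD5, SHA256) per target, copied from the report above.
IOCS = {
    "9070036232769ef3d265188fff67ea50N.exe": ("9070036232769ef3d265188fff67ea50",
        "061be13ea4ba484514d798f70838648d72f09a5ca6c58a608d9b6d28e63146d1"),
    "$0": ("477ae0b984507516552b27ec80809eaa",
        "f8a2c8d8b0f7fd0332930d3d18517df3c98a6ab2814d9a5f03e35f72774359d3"),
    "$2": ("3c58ee787f100d9c124fde7d41e2b40c",
        "9ba659ce26f5e4bc1dd98d7d41ac1514bb2853d68c3d56707f7a050cfb08ed87"),
    "$3": ("867f418fffc2dd61dd3fc065f4ab29bb",
        "2d2648a2e454e1637086d90b0a9071df66dd3de61c42ae88e4b1362aa51b21e4"),
    "$COMMONFILES/supportdotcom/rang/driverinst.exe": ("ae68f797651e2da0447bd2f28aaa31b7",
        "a5d6b459ce511916464facd547685dfe548fff00cc312c246ce61fc1e1328345"),
    "$COMMONFILES/supportdotcom/rang/driverinst64.exe": ("198aecd00486eadd45b763ecf6b850ef",
        "da94f1da1d256ad7edcacb856d7712fae587714e8372462871b9b8390697e66e"),
    "$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.dll": ("28b26600204f79045eda8f7fd8ca3c86",
        "5140f07b878efd1b74ee9f5821a207d1cee65952702ff75c49a4522face230c6"),
    "$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.sys": ("1100066057fbf612b573efd3b21383f1",
        "894f5a999e03807dffea67938d2e456d50d9e5511fe91d2e2293c51d98b3d87d"),
    "$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.dll": ("c48e3ca416da093ae18db54ebe8c13b3",
        "f7f6819a38b2dcc2541777a4a7ce3d85c4c27b8afd7513220c7388e3ad3f1b52"),
    "$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.sys": ("f843301bdadb2728822c83413ef5f132",
        "c36cb4e972671c9c7fabfeedd20fd1e239afaf69ad88586a32b9b2c1fa2a2fdf"),
    "$PLUGINSDIR/System.dll": ("c17103ae9072a06da581dec998343fc1",
        "dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f"),
    "ssranghk.dll": ("8cab6c22e508bf8add2f61d1a5e74786",
        "53ad29f3cf9019c4104649c3e7c670643cb665e737001ef9541d876e939ade4a"),
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of a byte string, computed in one pass."""
    hs = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    for h in hs.values():
        h.update(data)
    return {n: h.hexdigest() for n, h in hs.items()}


def validate_iocs(iocs=IOCS) -> bool:
    """Catch copy errors: MD5 is 32 lowercase hex chars, SHA-256 is 64."""
    hexre = re.compile(r"^[0-9a-f]+$")
    return all(len(m) == 32 and len(s) == 64 and hexre.match(m) and hexre.match(s)
               for m, s in iocs.values())


def match_iocs(data: bytes, iocs=IOCS) -> list:
    """Targets whose SHA-256 (or, as a weaker signal, MD5) equals that of `data`."""
    h = file_hashes(data)
    return sorted(name for name, (md5, sha256) in iocs.items()
                  if sha256 == h["sha256"] or md5 == h["md5"])


def resolve_nsis_path(target: str, common_files=r"C:\Program Files\Common Files"):
    """Map a report target name to a path to look for on disk.

    $COMMONFILES has a stable default. $PLUGINSDIR is a per-run temp directory
    and $0..$9 are runtime registers, so neither can be resolved from the
    report alone: those return None. A bare file name is returned as-is.
    """
    if target.startswith("$COMMONFILES/"):
        return common_files + "\\" + "\\".join(target.split("/")[1:])
    if target.startswith("$"):
        return None
    return target


def scan_paths(iocs=IOCS) -> dict:
    """Check every resolvable IOC path on this host; returns {target: status}."""
    out = {}
    for target, (_md5, sha256) in iocs.items():
        path = resolve_nsis_path(target)
        if path is None or "\\" not in path:
            out[target] = "unresolved"          # no fixed location to check
        elif not os.path.isfile(path):
            out[target] = "absent"
        else:
            with open(path, "rb") as f:
                out[target] = "match" if file_hashes(f.read())["sha256"] == sha256 \
                    else "present, different hash"
    return out


if __name__ == "__main__":
    assert validate_iocs()
    for target, status in scan_paths().items():
        print(f"{status:24s} {target}")
```

Treat an MD5-only match as a lead rather than a verdict; the SHA-256 column is the one to pivot on, and `ssranghk.dll` has no directory in the report, so it has to be located by name before it can be hashed.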

MITRE ATT&CK Enterprise v15

Tasks