strela | a8982034b8745ca1dc3b8816b16961bf4e996c911c6411bca8530d8aea7e0610 | Triage

Sharing

General

Target

gross.zip
Size

11.7MB
Sample

240902-y6djkswekr
MD5

fcee864d82b56b74b5451326ac494218
SHA1

109ea32c26c4bbc372bbd021995639b7a402b452
SHA256

a8982034b8745ca1dc3b8816b16961bf4e996c911c6411bca8530d8aea7e0610
SHA512

af42fda10217aa3e2db8fe824349af505b8e0421c187e34b2fb6c339cea7d09327f27f02af542eeb6e0040d90c406a5ad478f822ac72268930931f3f29720e8e
SSDEEP

196608:6nF4jQEyooz249TLfYPLI+QteHD7D3yaRHbAFdWpP9aU1YAPpJ6:6SJ5V4FYPEeHjjHbAFQpnC

Score

10^/10

strela discovery stealer

Malware Config

Targets

- Target
  
  Gross Beat 1.0.7/setup.exe
- Size
  
  11.7MB
- MD5
  
  1287223e90507c1ac0bc0b60f1b039e9
- SHA1
  
  7853f575349907eabb0dcd190fe746eb1c1c8d01
- SHA256
  
  b13ade9fa58f96d8f03e4e241455c1af226d6b654e2ad48a8ae7d3a61f7ad64d
- SHA512
  
  b90117cee136da27aefe612c73284a9977fe836ac364afc68d7bb78ca6828efd21b60b2c9ba866a6bcf0479db1c64eef6fe06b4ca0ccb0f2d8a3e3b333361d2e
- SSDEEP
  
  196608:uRRS34smUEH4IXhxpMzHQCMFGfDQ5jSajl3clBg3j/cWnoCfrR1:uq/fRI9MzaGf0nl3cli3J/
Score

10^/10

strela discovery stealer
- Detects Strela Stealer payload
- Strela stealer
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AdvSplash.dll
- Size
  
  6KB
- MD5
  
  13cc92f90a299f5b2b2f795d0d2e47dc
- SHA1
  
  aa69ead8520876d232c6ed96021a4825e79f542f
- SHA256
  
  eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb
- SHA512
  
  ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3
- SSDEEP
  
  96:6hNSXIcmYjkvTS6MnBNZ1BMjDfhkkEkkXstWpPwoS:JXIpzTSd1BSk/kJtWpP
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Bass.dll
- Size
  
  101KB
- MD5
  
  a8af308ff01b4477657955fbf0cc8408
- SHA1
  
  0794c059f0326e4a71be8a3ee4ac17a657d90d88
- SHA256
  
  14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594
- SHA512
  
  9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd
- SSDEEP
  
  3072:kR+vccy3LIweO1vFCLPkG9dfSD0BXZXmpw69Qe:S+vccy3hF1vFCT99dTBX5mupe
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/GetVersion.dll
- Size
  
  8KB
- MD5
  
  e013b625f5ae1e2f0b442cf39c0069df
- SHA1
  
  9ec785b63279144c091366badda65278c4cdee20
- SHA256
  
  16dd6da98b7e53d374830cd4c644c01b112955f8487a285f34dc0353e9cfac15
- SHA512
  
  306f7e674d119d129db48012c43f825bffabd078fac8518aea9d514b0787752a2e876bda2ad15df7332bfc8cfba38a0d1be17ee7c58a27e09678fce9aec58418
- SSDEEP
  
  192:9r/9XGqK7s/AlHdJZBi46AQ5VuNxHA8/1:HXGqM93Bi46AQ5Vujg8/1
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll
- Size
  
  5.8MB
- MD5
  
  028251654a4d65509aa8ccb5f2ee284a
- SHA1
  
  4a4ad468a86df6b903002be4f8919017fea0c152
- SHA256
  
  8b25cf3f7aa82fadccb2ce615ce0e40c5a8a3ea7bc51180a92173ee113a0ccfe
- SHA512
  
  f252670bca0da9e8e2c519a6ef4ad6dd0c4e548aeb7566693a7d203e73e63345fc58683072020ef771d836429bed1d7b4fdf105aa3e62a969e9c8d39556e1d2d
- SSDEEP
  
  98304:kj0Kg9frmFcqlMZ4vpHfOVlQnzW4Aogn/oXFdAaTZ8GcB7d0s:kjFA7t2RHfYlQZJgTamGcBis
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/bass.dll
- Size
  
  101KB
- MD5
  
  a8af308ff01b4477657955fbf0cc8408
- SHA1
  
  0794c059f0326e4a71be8a3ee4ac17a657d90d88
- SHA256
  
  14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594
- SHA512
  
  9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd
- SSDEEP
  
  3072:kR+vccy3LIweO1vFCLPkG9dfSD0BXZXmpw69Qe:S+vccy3hF1vFCT99dTBX5mupe
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/shareddlls_install.exe
- Size
  
  2.8MB
- MD5
  
  4fe8ff7f02020ea655944db5541722f3
- SHA1
  
  b5ff619c215529a4531337eef36167051cded658
- SHA256
  
  599c63aa0d0496363c7c99217e6c3d941125907cc4ea4c7d5d73c9b54e3deaee
- SHA512
  
  f4802d00d46c59882a1e1d3b8c0a43fd2ba4b22819d5417ad81cf4522e796176a920f81a6753e8297d49b3b0e60f3e1c27e4fbff2a6cc100d01cd0a39a75b4e3
- SSDEEP
  
  49152:lNXkhjpZr+L6hsoD/cSjvJafJc3eXIeGixJbsf4GQHwFjPfLtv+W3oZYKwL:lZ2XCGyk/cSrJafogfGiK6QFjXLfuYK6
Score

7^/10

discovery
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  Gross Beat.chm
- Size
  
  1.3MB
- MD5
  
  887bee4dc6c8f2640e3e21a9e7242529
- SHA1
  
  5e7632e6da6a61b9660cd9b6eecfd799d415a28f
- SHA256
  
  d6c6560a7379ea4b7e413923f12714cd3777938abdb4c5c67ebe5bc2f5ed2ce0
- SHA512
  
  f2042bcb4b1a895783647899b8e7c283784f336435f0fa6ac355e735552408c2c9d9ab23ed0b3fe8c45bceb2195795ebd0b4140386f08db3848ecae501481e89
- SSDEEP
  
  24576:a/OQ2T/gvJSEEyTELXVHNv8eLrKm/yBc/tkiw8/n81vOlce7lvI:a/fu/gsEE0+lp8e/Vae/tg8kItlvI
Score

1^/10
behavioral19 behavioral20
- Target
  
  IL Gross Beat.dll
- Size
  
  2.1MB
- MD5
  
  9aa6e6391e2e96e9218da0663eaa208f
- SHA1
  
  19d48b1709e6be0179a0b5f448e304a43372517d
- SHA256
  
  c203ef0873e711b27ea94b2628218a6a39a9e99695ae9b77a893f28c907eb575
- SHA512
  
  de2c2d1ec27a6ee1d0056613570565c0a298de47c5b0be2a7553c6ade2d3c29de474011889c02925e14cf1096df92a1913ec274c1f5c6ec8bbf7eb2835f9e7bf
- SSDEEP
  
  49152:CiqG1E0AQxFoSJDdknXOsL+YjCQAT9SX0R:CimQ7JJhknXO5B
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  uninstall.exe
- Size
  
  59KB
- MD5
  
  e4f3ddc1ac94e6703ec7a96c52dc6d53
- SHA1
  
  316416c096a9d4a3b9c38e5fb3a5939f0f726df4
- SHA256
  
  82d45f62debed77da4c768a6f827461be18852ea376928733be79539b9d3ebb4
- SHA512
  
  f707328f73f0925395ff3fc5610bc88ea124488680dffa4d8f83e2e43b9c78cd66ded113720d0dbe1e007d8bc88c0168224ad3da8a5599c4d645acb002a6e063
- SSDEEP
  
  1536:1LXB65939tY6HBg4sXJpE90eaApbpzUR0B9u:1Lk395hYXJpfWplYuB8
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

streladiscoverystealer

behavioral2

streladiscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24