strela | e17f4a00855d223c67a72227e5a1b903256210cbdb1e717b3bc0477301411171 | Triage

Submit
Reports

Overview

overview

Static

static

1

apowerpdf-...ht.exe

windows10-2004-x64

Sharing

General

Target

apowerpdf-setup-light.exe.7z
Size

841KB
Sample

240905-q46tcasbpq
MD5

af90f719c8810b863879f2691ae8eb0c
SHA1

e335a2cb166138dfce586de8b6a4d9f4fdf69353
SHA256

e17f4a00855d223c67a72227e5a1b903256210cbdb1e717b3bc0477301411171
SHA512

3af972918f4d06fd6c708ce16794ce2d84e2f83d1c2d82cbdc1cf83a2b98f6a513e9d23282519601f4db63310d02b19f91c6b56ef6d26edca84a9386c0f299ad
SSDEEP

12288:iHPkn7kt8Wxn4kbqzvA3YF7/lWDJ1A/P8q71Vgn3gq66a5glSJDks5Mn6sydd4xs:2cQt8WxDbyAIFjlkJtqLgnQqLSJva1

Score

10^/10

strela discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

apowerpdf-setup-light.exe

Resource

win10v2004-20240802-en

strela discovery stealer

windows10-2004-x64

22 signatures

300 seconds

Malware Config

Targets

- Target
  
  apowerpdf-setup-light.exe
- Size
  
  1.8MB
- MD5
  
  a6df2ff43b6b48cbce156bafa8b45c88
- SHA1
  
  ddac0778620ade0cb0cf00355ae27d22c9dd91b5
- SHA256
  
  ff6ac4378e07d703552e45893b0368331fa3a3c671e21b1f552a6ed61220ec7d
- SHA512
  
  369129de01910c5e86eb1c83c9d93923cbf2b24acbebdbdac1058a2c661693acfc51e73ed447940e05bf7d762dab8815c8f1b0097e9e7daf96a5569a06bcd070
- SSDEEP
  
  49152:jyIO6XrnRNm5zuXp7jRG6wLvSpDiTEan/DB1d:uIOqrRXG6wL6m1
Score

10^/10

strela discovery stealer
- Detects Strela Stealer payload
- Strela stealer
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

streladiscoverystealer

© 2018-2024

Terms | Privacy