Overview

overview

10

Static

static

1

apowerpdf-...ht.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    apowerpdf-setup-light.exe.7z

  • Size

    841KB

  • Sample

    240905-q46tcasbpq

  • MD5

    af90f719c8810b863879f2691ae8eb0c

  • SHA1

    e335a2cb166138dfce586de8b6a4d9f4fdf69353

  • SHA256

    e17f4a00855d223c67a72227e5a1b903256210cbdb1e717b3bc0477301411171

  • SHA512

    3af972918f4d06fd6c708ce16794ce2d84e2f83d1c2d82cbdc1cf83a2b98f6a513e9d23282519601f4db63310d02b19f91c6b56ef6d26edca84a9386c0f299ad

  • SSDEEP

    12288:iHPkn7kt8Wxn4kbqzvA3YF7/lWDJ1A/P8q71Vgn3gq66a5glSJDks5Mn6sydd4xs:2cQt8WxDbyAIFjlkJtqLgnQqLSJva1

Score
10/10
streladiscoverystealer

Malware Config

Targets

    • Target

      apowerpdf-setup-light.exe

    • Size

      1.8MB

    • MD5

      a6df2ff43b6b48cbce156bafa8b45c88

    • SHA1

      ddac0778620ade0cb0cf00355ae27d22c9dd91b5

    • SHA256

      ff6ac4378e07d703552e45893b0368331fa3a3c671e21b1f552a6ed61220ec7d

    • SHA512

      369129de01910c5e86eb1c83c9d93923cbf2b24acbebdbdac1058a2c661693acfc51e73ed447940e05bf7d762dab8815c8f1b0097e9e7daf96a5569a06bcd070

    • SSDEEP

      49152:jyIO6XrnRNm5zuXp7jRG6wLvSpDiTEan/DB1d:uIOqrRXG6wL6m1

    Score
    10/10
    streladiscoverystealer

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

      stealerstrela

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks