General

  • Target

    setup.exe

  • Size

    3.9MB

  • Sample

    240928-z9wp1axaln

  • MD5

    81e69b29c4c09391a12b665e7661f48e

  • SHA1

    b103b694d12544c9db444badd9e2263d219698b1

  • SHA256

    81e45c1e6d6a718624159e116e6daa8c1547f39bef7f56163303e7eca8abfae1

  • SHA512

    5476b9fa6967aefcb73793c965224c93d2ab46268830fcb71c69bc864e22e0cb92512959fe7a728ee77c2bde00e3ce9eda64d015ff1ef34273292707680c0042

  • SSDEEP

    98304:QhVVJqioKMFh1qKsbZcMgsGwNmlCNE4CJgcMyfQP/4:QhV1pMzHQCMFGImHgcM54

Malware Config

Targets

    • Target

      setup.exe

    • Size

      3.9MB

    • MD5

      81e69b29c4c09391a12b665e7661f48e

    • SHA1

      b103b694d12544c9db444badd9e2263d219698b1

    • SHA256

      81e45c1e6d6a718624159e116e6daa8c1547f39bef7f56163303e7eca8abfae1

    • SHA512

      5476b9fa6967aefcb73793c965224c93d2ab46268830fcb71c69bc864e22e0cb92512959fe7a728ee77c2bde00e3ce9eda64d015ff1ef34273292707680c0042

    • SSDEEP

      98304:QhVVJqioKMFh1qKsbZcMgsGwNmlCNE4CJgcMyfQP/4:QhV1pMzHQCMFGImHgcM54

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/dat_bgm.ogg

    • Size

      165KB

    • MD5

      f484a5db943fbefe894146a109513ff9

    • SHA1

      3097181ce18c30933da3566d77b6beea5c9092ca

    • SHA256

      ddae02d386f23c8d03792d06beb5100f1d230fa6c9c66b007fa5a3808e5dedaf

    • SHA512

      634615101e5ccef3fbd6bb9fdac881808f231eccb79bd135dd804251b4d564cc89c7a14fe2fe548e7345a6437383edb8fb00ba19666834e4aeaced2103f3ff6d

    • SSDEEP

      3072:tpbseuX0bbGvARsR9Eq9TBECn066ZCtALQOcCL3qFf4vklt/9Rs5BK2KAfnVGsGB:E7XXAc9NEmwmOb3qFztwBK2KAf2/KvT8

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PLUGINSDIR/dat_skin.skf

    • Size

      551KB

    • MD5

      f172c4e44639c2c67c019e94172c780a

    • SHA1

      2e60045e6d80e9964698f95ecdcba3e12635cae0

    • SHA256

      2f2f3ff75f666826f4b40b8e277040d286e6d7ad883cabd5f4bf64670d4579aa

    • SHA512

      3eac9c5357590a6851b59b14130aa6c22c57caff107fc24b74f984a8f7a0fdd78610bb4277553d8746a77a6d5531b06ce1b20bbcfa08cf0e9c600ebb518572dd

    • SSDEEP

      3072:B5/dAtjL20Lr9UiaTqXDY5LNMiSJxJig+uzVZ+WrPWruDkhUj8YNj2YeQiwe39Lm:2/20LrGi1XDo8+UPUuj9kQiLNLif

    • Score

      3/10

    • Target

      $PLUGINSDIR/ioSpecial.ini

    • Size

      211B

    • MD5

      e2d5070bc28db1ac745613689ff86067

    • SHA1

      282e080b4cf847174c5c11e4f9157b8c338ecb19

    • SHA256

      d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0

    • SHA512

      a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de

    • Score

      1/10

    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      150KB

    • MD5

      344eacb265063cadfd6d3ee3ee66f895

    • SHA1

      5606fed6dea08aebe1d7eb0187e7f5bd53c96fdb

    • SHA256

      fe2f71f6a9baa4bf426ae4710f4edce296ce3d89c6e0a03448cb00fa562462ed

    • SHA512

      c7f48ba8e8ef4602de74c71fce1a08e7b4c3299808d8525339b6af37b6f30a76024c45a1f182f32c77bb3389edc6e6c45d0ff37549d201bf1f86b4f84b14b641

    • SSDEEP

      1536:E7xAG/O+g3Q/H8/T9jtYVmj42ucaKBlZ7b:E7xAGmI/H8b9je84TcaKlZ7b

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PLUGINSDIR/splash.bmp

    • Size

      600KB

    • MD5

      94f52dc67c016167d6eaf6e0c3cf0942

    • SHA1

      e03a061117872d458d106ff67a70df5b4b236e08

    • SHA256

      d91b10d9516f3153cfad2e00b9975a835b1538be1dc0ec0e2821a7f3755322b0

    • SHA512

      f2439352039abd0894e1addb23dd3033434300804c5c2d0139c1c74e8f02832033a54a0792a1bf2fabfbc220e5645bc4e4f77b9831edcf7cdecd162e7a5b6273

    • SSDEEP

      6144:kcoYVYZtkKsq1ReH8z1UMKFAeH4kTBERaZN:kcoYVYZtPReczGM8qRaZN

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Resource/1.bmp

    • Size

      132KB

    • MD5

      cd5ff562751a97fe101a67e771ba502d

    • SHA1

      40ab4ef194902fed97926363fe6f82f3ddb905c0

    • SHA256

      acbb674a36c859af77de0aa1d3d95c1cedf000e54febb31020e6f938194ffc6b

    • SHA512

      4d8d1bce35189b6b20e478330e9d94c5b4863446366da8bfebd5e29303ea2560c1749c00ea181716ef9b873d19f7bb0b0b67217bf33fbcf14ef06034eb93da2f

    • SSDEEP

      768:GZlzyFOQrMisKWPDWPQ6HxZ5/LVlSXhyuFKTuZ/tzIywza2oHVWWHwSKY7FgqwxH:cPorwX1du

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Resource/10.bmp

    • Size

      132KB

    • MD5

      315fbe95e7b2a86b874b197fbdf15849

    • SHA1

      1cfb80ce65a3ec7797a236bd21c5de45ff49ffaf

    • SHA256

      ffa4a594d09f8faad81a30ba0999692530b1c248939328c57781ccae55129536

    • SHA512

      d0ed7b6cac55509e08dcfb6ce4bfef8da2945cab9372e0e044297fd21f8d9a74fcb601bf8faf2e97d1350bbf9363d3d25421da34747a7a2dc7660c8b3be253b7

    • SSDEEP

      768:UqL8imr7IriZj7gNPfkxD5KhPY9dx0FHH5m1ngJMNZ7sCBTiCabGZ95YqQ+9PaW/:U7p/WGHGk

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Resource/11.bmp

    • Size

      132KB

    • MD5

      8379b1c3d19f3648f9236187e16149e9

    • SHA1

      d1d4ef0d7071ac00c8d3abae6b79d8ebf2798452

    • SHA256

      fd3a02f023176a6ae82935f00f72fa13d42be28d58eec0422b9783184ea852f3

    • SHA512

      1822e9eb3c1943d0a6e78a78d6920db26f92257a5a368e5524162c65c08eada27a4d7fdc1714279910665189398ebe510e1e4d982bedb4915d75ce9f825b215b

    • SSDEEP

      768:SDbNi/9re4I3yTa3xz5bZKvnedS0hHHiOGa3JRNQJCFcimltHLAFEpJvhdb1hHWt:C0Uu/IAY

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Resource/12.bmp

    • Size

      132KB

    • MD5

      ba19c720c62fb04a6d0687763eb3f0f9

    • SHA1

      80ca6d7bda2b287c87d36ad2535bf9ffb5bf00c2

    • SHA256

      67c1e8f97cb11fe2d5d658e994682dcb9b81ec73ee221e2d704bff5da8f7a360

    • SHA512

      298128377ca05e88fd5000725e4871ffb81f0b49de805552c7fc205b48a1739a64cfe246f360186259322ed162fb31320fe4f7f511b0f106677e0eb8c7ed84ce

    • SSDEEP

      768:SDbNi/9re4I3yTa3xz5bZKvnedS0hHHiOGa3JRNQJC6U1WAXoIpFAPlpUwgzHQ6X:C4GskgrY

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Resource/13.bmp

    • Size

      132KB

    • MD5

      a0e8b1c81ddc511fcb5310c5deee8e9b

    • SHA1

      88f9b448d7f5ca3a00b36b06e25fbbe94ca0a451

    • SHA256

      f329a87886a84e7d36a03ab620221ce2e5909bf595210a0a70e62065b68bd458

    • SHA512

      3e7b08f44e8534b2208c37e8f78fc91831ef7a7f9e634577b40be3ba970141437565182e2fb5f659fceedadbadf1bb562db351a95c4ce531913a72ea35cef272

    • SSDEEP

      768:/nk0jLE2Lr8RnfWncJZx/5/N6r4VndtGgHHxoZPNPX4lXICR8nmItsNHdqoQ9F9o:zZriT

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Resource/14.bmp

    • Size

      132KB

    • MD5

      22fcb3ea5ee2414880ef094b6b965c94

    • SHA1

      dbfb1cbb08981fdd3878faf4179f5fddf67a4a9d

    • SHA256

      9058e0d9ea998c21309757586d30b0e5378c0c1904ebc2d95bf01223ddba269c

    • SHA512

      f104e05e5fff7ea1b5e7e983ed8185ee5fcb3d5affe07f9d60663b61027c4de76743b4b67d21578de7f35eca75d953a8182c7d3330c2ec65966cca6a4363c294

    • SSDEEP

      768:TVDtEq8oBHHtrCOVPggBFxxwi5N6rcvyNvP24pTkgXN39OC6hk1J+BOUozzGLjYO:2QiqbJrGBO

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Resource/15.bmp

    • Size

      132KB

    • MD5

      db6d2dbb0a0f2836f725f942453b29ec

    • SHA1

      83448f73bb9104178ab354128e47a239b1abdeba

    • SHA256

      46ed9e0e6d46d8840fc3771c5b8b5a9457d91e0a994e72a8289481dcf4a83c32

    • SHA512

      5542a2a8dcaf436d2610cf685a2760bcc93d077086658cffe2361f3da0fae5f5f76a1761034cea5f8e9ac1151944bafa726761213acccf012bd01ba38f4d5ed4

    • SSDEEP

      768:TVDtEq8oBHHtrCOVPggBFxxwi5N6rcvyNvP24pTkgXN39OC6hk1J+BOUohzLLdDz:2Qi5T9rGBO

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Resource/16.bmp

    • Size

      132KB

    • MD5

      74963a0e21b0a442f0e327a9e83fcf02

    • SHA1

      4aeba2036721e7d73a346c295eb436067c8d3976

    • SHA256

      d2bf6a0edd77365e2593a2fa154a9a7e1c609111316e17538706d7d453cd5b43

    • SHA512

      b5c0eadd8cebcfefa98b6080a51f1801233dd4f2e72b9df028fbcd571d046466ca9b7cf36172a524ff7c60820d40475a8e190d5bada901d3fd485e17c41daaea

    • SSDEEP

      768:gj/TdkCTjrGQ5PMXISjxV5CzANeXWOWbXvpHV7eNsdoVELCeRNsF5nyt2JHg9B2A:QcEERWglz/MAlVgQT

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Resource/2.bmp

    • Size

      132KB

    • MD5

      b983fb2e8d67378f2eead3af35a41276

    • SHA1

      001d4dcdd316b285845f82743bc9353040365221

    • SHA256

      5de6fac064d9897c7865b71528b0f4ee4375a9a1f94cfdd8ab355c17099ed75a

    • SHA512

      c71980ee0466bf58518d914ac667516f484e991fcd03751536225ea76707e732f939e55c49137431f1d72417827339af6817ae2ef32098fe9af354c2619ecc3b

    • SSDEEP

      768:T1+8TJ6ioYhMrr+xUxhAPbdBx05ngWQJuJB3ue3TBNq6h4HoTrJcRqLbDpaqNpIt:hHKgW/7mI6

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Resource/3.bmp

    • Size

      132KB

    • MD5

      a21bc00d83d44f8ac7a4025e352a9cdd

    • SHA1

      b44314553d206c68f901e623227b257b9b1cf4e6

    • SHA256

      91d0a751e34a1cdf6329bdab73d8c583a2600d359d4a6ee78e0a557a56d6825c

    • SHA512

      928c5060e863c6ca2052cbd51d4a4bb0170b8f5499a0cd8c6434a5ffa3c1314cc557f17bc550d8e356687c943538462b854175452e873ec256e515ad5e20fbb4

    • SSDEEP

      768:T1+8TJ6ioYhMrNbxEicfDze4yckExo+535895beufdRTaNG/6P/VBnL0Ct7USTOM:hHBzCLEiWI6

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks

static1

  • Tags

    strela

  • Score

    10/10

behavioral1

  • Tags

    strela discovery stealer

  • Score

    10/10

behavioral2

  • Tags

    strela discovery stealer

  • Score

    10/10

behavioral3

  • Score

    1/10

behavioral4

  • Score

    7/10

behavioral5

  • Tags

    discovery

  • Score

    3/10

behavioral6

  • Score

    3/10

behavioral7

  • Score

    1/10

behavioral8

  • Score

    1/10

behavioral9

  • Score

    3/10

behavioral10

  • Score

    7/10

behavioral11

  • Score

    3/10

behavioral12

  • Score

    7/10

behavioral13

  • Score

    3/10

behavioral14

  • Score

    7/10

behavioral15

  • Score

    3/10

behavioral16

  • Score

    7/10

behavioral17

  • Score

    3/10

behavioral18

  • Score

    7/10

behavioral19

  • Score

    3/10

behavioral20

  • Score

    7/10

behavioral21

  • Score

    3/10

behavioral22

  • Score

    7/10

behavioral23

  • Score

    3/10

behavioral24

  • Score

    7/10

behavioral25

  • Score

    3/10

behavioral26

  • Score

    7/10

behavioral27

  • Score

    3/10

behavioral28

  • Score

    7/10

behavioral29

  • Score

    3/10

behavioral30

  • Score

    7/10

behavioral31

  • Score

    3/10

behavioral32

  • Score

    7/10