General

  • Target: setup.exe
  • Size: 11.7MB
  • Sample: 241004-2xjk1svhme
  • MD5: 1287223e90507c1ac0bc0b60f1b039e9
  • SHA1: 7853f575349907eabb0dcd190fe746eb1c1c8d01
  • SHA256: b13ade9fa58f96d8f03e4e241455c1af226d6b654e2ad48a8ae7d3a61f7ad64d
  • SHA512: b90117cee136da27aefe612c73284a9977fe836ac364afc68d7bb78ca6828efd21b60b2c9ba866a6bcf0479db1c64eef6fe06b4ca0ccb0f2d8a3e3b333361d2e
  • SSDEEP: 196608:uRRS34smUEH4IXhxpMzHQCMFGfDQ5jSajl3clBg3j/cWnoCfrR1:uq/fRI9MzaGf0nl3cli3J/

Malware Config

Targets

  • Target: setup.exe
    Size: 11.7MB
    MD5: 1287223e90507c1ac0bc0b60f1b039e9
    SHA1: 7853f575349907eabb0dcd190fe746eb1c1c8d01
    SHA256: b13ade9fa58f96d8f03e4e241455c1af226d6b654e2ad48a8ae7d3a61f7ad64d
    SHA512: b90117cee136da27aefe612c73284a9977fe836ac364afc68d7bb78ca6828efd21b60b2c9ba866a6bcf0479db1c64eef6fe06b4ca0ccb0f2d8a3e3b333361d2e
    SSDEEP: 196608:uRRS34smUEH4IXhxpMzHQCMFGfDQ5jSajl3clBg3j/cWnoCfrR1:uq/fRI9MzaGf0nl3cli3J/
    • Detects Strela Stealer payload
    • Strela stealer: an info stealer targeting mail credentials, first seen in late 2022.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

  • Target: $PLUGINSDIR/AdvSplash.dll
    Size: 6KB
    MD5: 13cc92f90a299f5b2b2f795d0d2e47dc
    SHA1: aa69ead8520876d232c6ed96021a4825e79f542f
    SHA256: eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb
    SHA512: ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3
    SSDEEP: 96:6hNSXIcmYjkvTS6MnBNZ1BMjDfhkkEkkXstWpPwoS:JXIpzTSd1BSk/kJtWpP
    Score: 3/10

  • Target: $PLUGINSDIR/Bass.dll
    Size: 101KB
    MD5: a8af308ff01b4477657955fbf0cc8408
    SHA1: 0794c059f0326e4a71be8a3ee4ac17a657d90d88
    SHA256: 14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594
    SHA512: 9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd
    SSDEEP: 3072:kR+vccy3LIweO1vFCLPkG9dfSD0BXZXmpw69Qe:S+vccy3hF1vFCT99dTBX5mupe
    Score: 3/10

  • Target: $PLUGINSDIR/GetVersion.dll
    Size: 8KB
    MD5: e013b625f5ae1e2f0b442cf39c0069df
    SHA1: 9ec785b63279144c091366badda65278c4cdee20
    SHA256: 16dd6da98b7e53d374830cd4c644c01b112955f8487a285f34dc0353e9cfac15
    SHA512: 306f7e674d119d129db48012c43f825bffabd078fac8518aea9d514b0787752a2e876bda2ad15df7332bfc8cfba38a0d1be17ee7c58a27e09678fce9aec58418
    SSDEEP: 192:9r/9XGqK7s/AlHdJZBi46AQ5VuNxHA8/1:HXGqM93Bi46AQ5Vujg8/1
    Score: 3/10

  • Target: $PLUGINSDIR/InstallOptions.dll
    Size: 14KB
    MD5: 325b008aec81e5aaa57096f05d4212b5
    SHA1: 27a2d89747a20305b6518438eff5b9f57f7df5c3
    SHA256: c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
    SHA512: 18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
    SSDEEP: 192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
    Score: 3/10

  • Target: $PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll
    Size: 5.8MB
    MD5: 028251654a4d65509aa8ccb5f2ee284a
    SHA1: 4a4ad468a86df6b903002be4f8919017fea0c152
    SHA256: 8b25cf3f7aa82fadccb2ce615ce0e40c5a8a3ea7bc51180a92173ee113a0ccfe
    SHA512: f252670bca0da9e8e2c519a6ef4ad6dd0c4e548aeb7566693a7d203e73e63345fc58683072020ef771d836429bed1d7b4fdf105aa3e62a969e9c8d39556e1d2d
    SSDEEP: 98304:kj0Kg9frmFcqlMZ4vpHfOVlQnzW4Aogn/oXFdAaTZ8GcB7d0s:kjFA7t2RHfYlQZJgTamGcBis
    Score: 3/10

  • Target: $PLUGINSDIR/System.dll
    Size: 11KB
    MD5: c17103ae9072a06da581dec998343fc1
    SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
    SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
    SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
    SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
    Score: 3/10

  • Target: $PLUGINSDIR/bass.dll
    Size: 101KB
    MD5: a8af308ff01b4477657955fbf0cc8408
    SHA1: 0794c059f0326e4a71be8a3ee4ac17a657d90d88
    SHA256: 14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594
    SHA512: 9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd
    SSDEEP: 3072:kR+vccy3LIweO1vFCLPkG9dfSD0BXZXmpw69Qe:S+vccy3hF1vFCT99dTBX5mupe
    Score: 3/10

  • Target: $PLUGINSDIR/shareddlls_install.exe
    Size: 2.8MB
    MD5: 4fe8ff7f02020ea655944db5541722f3
    SHA1: b5ff619c215529a4531337eef36167051cded658
    SHA256: 599c63aa0d0496363c7c99217e6c3d941125907cc4ea4c7d5d73c9b54e3deaee
    SHA512: f4802d00d46c59882a1e1d3b8c0a43fd2ba4b22819d5417ad81cf4522e796176a920f81a6753e8297d49b3b0e60f3e1c27e4fbff2a6cc100d01cd0a39a75b4e3
    SSDEEP: 49152:lNXkhjpZr+L6hsoD/cSjvJafJc3eXIeGixJbsf4GQHwFjPfLtv+W3oZYKwL:lZ2XCGyk/cSrJafogfGiK6QFjXLfuYK6
    Score: 7/10
    • Loads dropped DLL

  • Target: $PLUGINSDIR/AccessControl.dll
    Size: 10KB
    MD5: 055f4f9260e07fc83f71877cbb7f4fad
    SHA1: a245131af1a182de99bd74af9ff1fab17977a72f
    SHA256: 4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc
    SHA512: a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26
    SSDEEP: 192:8SEWBGgiJM4LN+xq56XdNcNz/NWdlJmlyOcROQ:8SEPgii9KTzyt
    Score: 3/10

  • Target: $PLUGINSDIR/ILInstallUtil.dll
    Size: 94KB
    MD5: e331583b908a92193e0be215611c7309
    SHA1: 937106392134173fa3cd640c66ceea5152028e3a
    SHA256: be44e27e8b1c78a2696451c8afa21412136bea12bc033ff9d0251922b4c97631
    SHA512: 35602924859dd83f23c728446b84e2c89fe4fa83a33842e50e96b7442ab16205ce634643185d13e086253e79685f0fbbb6c474c057b061f566ff763cbbc7d240
    SSDEEP: 1536:1DwwWKYggvaz76xH1Jsc9t6bnWza3RYcJnFGlTxaJZuE/9:9wwWKY567C1ec6bnWza3JFGlTxaHn9
    Score: 3/10

  • Target: $PLUGINSDIR/InstallOptions.dll
    Size: 14KB
    MD5: 325b008aec81e5aaa57096f05d4212b5
    SHA1: 27a2d89747a20305b6518438eff5b9f57f7df5c3
    SHA256: c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
    SHA512: 18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
    SSDEEP: 192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
    Score: 3/10

  • Target: Elastique.dll
    Size: 612KB
    MD5: 41c785ad360e246dd075a8b44364ccd0
    SHA1: 790d291e89cb6308b9fbb3ee325eca7ef0dbb086
    SHA256: 905c2cfc6d340035c28f986a136f65efeb202d176a73ec5fbb3dc096eac52cf9
    SHA512: 49ad38c3f13d3cce47c489666385df59ce61e75f4d8ac891684a1ae04597177ad9c2c7d18e0ae5a591ecbe58da06ac43c87304e5ac2a3f26767a990d524efac7
    SSDEEP: 6144:v/P2vBf4YcgYFGbR0y+fvv2/phKYhnfZvVqxzMmdE8g3QNmjsFACzKN/:f+BQYcjcUv2/6YhnfZYRMmdE8EAF
    Score: 3/10

  • Target: LAMEenc.dll
    Size: 356KB
    MD5: 2fa01073991cb5cb74415154eb0caae3
    SHA1: 8fa5271fcc9494579c485e3f2b04df7aeb583564
    SHA256: 38059e39a1835cc360c1c080a86a854ca6e203b9bbbeb73e6663be36a07a5c1e
    SHA512: b7e66604016bcf2e3401058c0b7e951cac46e96d6b2bd14cb02c27ace9795a1e9cf7df956e87835854d78642d7a86dc42ad21568629d120407ac9bfb5311fab9
    SSDEEP: 6144:PGOS3xd20PkjSKiowgn+OIUjws4eu5P4IIa6sh+gzAO+OYFyH:Ohd20PkjPijUOUj24Za6sHxYg
    Score: 3/10

  • Target: REX Shared Library.dll
    Size: 228KB
    MD5: 2612524c9ebeffe1dbeeecaff2393269
    SHA1: 00701ee499528abf6be0a1a28da01bc82946e0e0
    SHA256: 7848629cb8293117055423c291bc14c3f0139e68293689c7852a9bbcea3f17f1
    SHA512: 7963ddf31171bc392cbab82e339810a459c8aed19ca983ce5512c77d67dbc979485f436e2b3eba3b8b483cd003f0c3692bd4e400f9455cad8bf14389a66672a7
    SSDEEP: 3072:W1RF1vYoipgZ3RyBKXRXzBB8Tgi9Ag0Fu6OU+mlv2S/S1o5:EFl/b8T19AO6OzS
    Score: 3/10

  • Target: Reverb.dll
    Size: 72KB
    MD5: cd85e0df208a3a9ef6816fa780fc37a4
    SHA1: 242059b49f8a589f3d28df3a495d22bc018849cb
    SHA256: 004dc2bd075fad0a11e7a9a739dfb6e269230a27277e2231ad36baffbd944edd
    SHA512: 8a5dfd93067e1c0a9cf2ec964c73cad744d618dad53b2ee0c0b828d9c102dfae800fa08ef0c901a7a22422f18a84adfd48e289c778713108ea99d6dca6999177
    SSDEEP: 768:SNVX34iCIGDJ+bmGYPfca5VqksJ1Qlo3QMxe47bVB59BNvt1t9gWD:YH4iu1zIjB1Qe3QseyhBjTt97
    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1: strela (Score: 10/10)
  • behavioral1: strela, discovery, stealer (Score: 10/10)
  • behavioral2: strela, discovery, stealer (Score: 10/10)
  • behavioral3: discovery (Score: 3/10)
  • behavioral4: discovery (Score: 3/10)
  • behavioral5: discovery (Score: 3/10)
  • behavioral6: discovery (Score: 3/10)
  • behavioral7: discovery (Score: 3/10)
  • behavioral8: discovery (Score: 3/10)
  • behavioral9: discovery (Score: 3/10)
  • behavioral10: discovery (Score: 3/10)
  • behavioral11: discovery (Score: 3/10)
  • behavioral12: discovery (Score: 3/10)
  • behavioral13: discovery (Score: 3/10)
  • behavioral14: discovery (Score: 3/10)
  • behavioral15: discovery (Score: 3/10)
  • behavioral16: discovery (Score: 3/10)
  • behavioral17: discovery (Score: 7/10)
  • behavioral18: discovery (Score: 7/10)
  • behavioral19: discovery (Score: 3/10)
  • behavioral20: discovery (Score: 3/10)
  • behavioral21: discovery (Score: 3/10)
  • behavioral22: discovery (Score: 3/10)
  • behavioral23: discovery (Score: 3/10)
  • behavioral24: discovery (Score: 3/10)
  • behavioral25: discovery (Score: 3/10)
  • behavioral26: discovery (Score: 3/10)
  • behavioral27: discovery (Score: 3/10)
  • behavioral28: discovery (Score: 3/10)
  • behavioral29: discovery (Score: 3/10)
  • behavioral30: discovery (Score: 3/10)
  • behavioral31: discovery (Score: 3/10)
  • behavioral32: discovery (Score: 3/10)