General

  • Target

    setup.exe

  • Size

    3.9MB

  • Sample

    241020-gc4p8stglp

  • MD5

    81e69b29c4c09391a12b665e7661f48e

  • SHA1

    b103b694d12544c9db444badd9e2263d219698b1

  • SHA256

    81e45c1e6d6a718624159e116e6daa8c1547f39bef7f56163303e7eca8abfae1

  • SHA512

    5476b9fa6967aefcb73793c965224c93d2ab46268830fcb71c69bc864e22e0cb92512959fe7a728ee77c2bde00e3ce9eda64d015ff1ef34273292707680c0042

  • SSDEEP

    98304:QhVVJqioKMFh1qKsbZcMgsGwNmlCNE4CJgcMyfQP/4:QhV1pMzHQCMFGImHgcM54

Malware Config

Targets

    • Target

      setup.exe

    • Size

      3.9MB

    • MD5

      81e69b29c4c09391a12b665e7661f48e

    • SHA1

      b103b694d12544c9db444badd9e2263d219698b1

    • SHA256

      81e45c1e6d6a718624159e116e6daa8c1547f39bef7f56163303e7eca8abfae1

    • SHA512

      5476b9fa6967aefcb73793c965224c93d2ab46268830fcb71c69bc864e22e0cb92512959fe7a728ee77c2bde00e3ce9eda64d015ff1ef34273292707680c0042

    • SSDEEP

      98304:QhVVJqioKMFh1qKsbZcMgsGwNmlCNE4CJgcMyfQP/4:QhV1pMzHQCMFGImHgcM54

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/AdvSplash.dll

    • Size

      6KB

    • MD5

      13cc92f90a299f5b2b2f795d0d2e47dc

    • SHA1

      aa69ead8520876d232c6ed96021a4825e79f542f

    • SHA256

      eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb

    • SHA512

      ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3

    • SSDEEP

      96:6hNSXIcmYjkvTS6MnBNZ1BMjDfhkkEkkXstWpPwoS:JXIpzTSd1BSk/kJtWpP

    Score
    3/10
    • Target

      $PLUGINSDIR/Bass.dll

    • Size

      101KB

    • MD5

      a8af308ff01b4477657955fbf0cc8408

    • SHA1

      0794c059f0326e4a71be8a3ee4ac17a657d90d88

    • SHA256

      14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594

    • SHA512

      9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd

    • SSDEEP

      3072:kR+vccy3LIweO1vFCLPkG9dfSD0BXZXmpw69Qe:S+vccy3hF1vFCT99dTBX5mupe

    Score
    3/10
    • Target

      $PLUGINSDIR/GetVersion.dll

    • Size

      8KB

    • MD5

      e013b625f5ae1e2f0b442cf39c0069df

    • SHA1

      9ec785b63279144c091366badda65278c4cdee20

    • SHA256

      16dd6da98b7e53d374830cd4c644c01b112955f8487a285f34dc0353e9cfac15

    • SHA512

      306f7e674d119d129db48012c43f825bffabd078fac8518aea9d514b0787752a2e876bda2ad15df7332bfc8cfba38a0d1be17ee7c58a27e09678fce9aec58418

    • SSDEEP

      192:9r/9XGqK7s/AlHdJZBi46AQ5VuNxHA8/1:HXGqM93Bi46AQ5Vujg8/1

    Score
    3/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll

    • Size

      5.8MB

    • MD5

      028251654a4d65509aa8ccb5f2ee284a

    • SHA1

      4a4ad468a86df6b903002be4f8919017fea0c152

    • SHA256

      8b25cf3f7aa82fadccb2ce615ce0e40c5a8a3ea7bc51180a92173ee113a0ccfe

    • SHA512

      f252670bca0da9e8e2c519a6ef4ad6dd0c4e548aeb7566693a7d203e73e63345fc58683072020ef771d836429bed1d7b4fdf105aa3e62a969e9c8d39556e1d2d

    • SSDEEP

      98304:kj0Kg9frmFcqlMZ4vpHfOVlQnzW4Aogn/oXFdAaTZ8GcB7d0s:kjFA7t2RHfYlQZJgTamGcBis

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/bass.dll

    • Size

      101KB

    • MD5

      a8af308ff01b4477657955fbf0cc8408

    • SHA1

      0794c059f0326e4a71be8a3ee4ac17a657d90d88

    • SHA256

      14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594

    • SHA512

      9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd

    • SSDEEP

      3072:kR+vccy3LIweO1vFCLPkG9dfSD0BXZXmpw69Qe:S+vccy3hF1vFCT99dTBX5mupe

    Score
    3/10
    • Target

      Resource/Sausage Fattener 32.dat

    • Size

      845KB

    • MD5

      69d6f94235a27ef0e06544e9ce0d632e

    • SHA1

      ea92ea58a7db386092a868eea87949fc5d8fa626

    • SHA256

      662c308546fc42506073e1f12d38252f7cdaad888e13ee4cf109d062ac609955

    • SHA512

      39432cea09d8a9921176f14aaae140ce6638c8321f5fe3808616152dc84473bcbfd0215150632d6cfc32f78c7419576a20d5e00f19507018f7de88761e577ea3

    • SSDEEP

      12288:8E980FzsrMFYul42/YkXE7bZ0TaOI7Yme6lvWHSRukPOGx4FCN225w/l4n:54MJ9TYYmZoSwGYCxC/l

    Score
    3/10
    • Target

      Resource/Sausage Fattener 64.dat

    • Size

      745KB

    • MD5

      54796ccdb2d6031b2e0d1259e534caac

    • SHA1

      5c46b4ee988900a2da2a0a60314ac45ac265c9ef

    • SHA256

      59b707eefe8286a9468d8ddb4cab4fc5ad4090ef21d68f4c57a3da2c9a5df58d

    • SHA512

      d3fc2c18f431bb7a7aa08ebc70026409363700bc509c22e53d12e14e480fb9096cb0e583cead0e882ebeb21c1b29e7655d86bad65a041b27c377404fe41c186a

    • SSDEEP

      6144:B12aJOgYCwbtc6bZ7e7c30XnmT/0Vn3wTpyw4156CM5uG7t6q5bAy2WGvy+Vv1nC:5kgob6QZJ0Xnq/3N5uG7eyDcFbA8oKo

    Score
    1/10
    • Target

      Sausage Fattener x64.dll

    • Size

      92KB

    • MD5

      8d7608fa89581b1fb6f35c48a6f110ec

    • SHA1

      9741b557de8207c934b81e00983eeba1f71e1f7b

    • SHA256

      7ef161e760e967040516a79d961bd137fb12a54753dad80d16caf26fc2421994

    • SHA512

      e962f63c38bb37b65d0adbfd5020243f2bed6cffebb40c61c8ebaa43d8ae1e58e7f8d51a77c28c56046a4c7f03c65440e30f59ac6f8ae05141254228b2fc33e4

    • SSDEEP

      1536:a7wHSj5Heqr6T2b2XrVx4GHNsCqhmMQfVuzoC2BXTt3xHH5ZuMBuNpHoUqNJ4X:aO4kq2T2q7H4uNXqhmMQfLjxn5FAoxLm

    Score
    1/10
    • Target

      Sausage Fattener.dll

    • Size

      95KB

    • MD5

      52e95d9e2e0cfc550ce4e40f1d686480

    • SHA1

      59984bb6becc0f6084851b623f0f2c4bbc901fe1

    • SHA256

      42349ce1da21c41e2f72641a76d64fca1a7c7f6c405a50d331c581d2fbf10f76

    • SHA512

      95b59db3be017ba7486dc774d80af1bc55e50dfcb86b918f266d4db77fc88061b84ba77fd1682a2af81e49608b23ffa4153763a264c85078b32d399b6ebffd03

    • SSDEEP

      1536:YVoTTf6N2C80UWDOS1Vjw2+OSqbUSovFFvJnystkH+vtmgMbFu6kN:NTxtlB0GNBo4Ag0Fu6kN

    Score
    3/10
    • Target

      uninstall.exe

    • Size

      38KB

    • MD5

      4d80cf1dcb4050035ababe91073376ed

    • SHA1

      66479ddbc4426fb45a526d7a6fb1df1ad09eedde

    • SHA256

      09511049b3b5d519bd9ad7fffe29fbae5bde288364e69cff6490a64d6e4f601e

    • SHA512

      972bddb89968cb422c6e35aad471b3ca262a40169ff624a207d5a4053efd211251fa04f6381a34230163d0a22239897e751b24dbfa8390444ffe77b7d3c261cb

    • SSDEEP

      768:c4wO7XBz+5Qm3W0tYdrQZHV4EWuWEUOg4jjfS3XJ3Tc8F1:PLXB65939tY6HBg4sXJ3TJ

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

strela
Score
10/10

behavioral1

streladiscoverystealer
Score
10/10

behavioral2

streladiscoverystealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
7/10

behavioral26

discovery
Score
7/10