General

  • Target

    MELODYNE.rar

  • Size

    165.2MB

  • Sample

    241022-r6z91ssdqk

  • MD5

    856b9721814c4fdd56db57a611c438d1

  • SHA1

    19280eb40b05a0844a0341f72eeaa2e6c5887531

  • SHA256

    6a0ac5a6cef15e181e0808a20033f12af37c0ab5d80d6eba62ca3c98b430a740

  • SHA512

    d6ef923fe4277889713d6c6b55782dcd0e949342176c8652ffa38ebeb1b6adb513a6ab13b778714cb10b4ef65cfe16f8e5e1a7f812960582febc9df775a627ce

  • SSDEEP

    3145728:bMsJEqF+1ba31/lv88F28vve7G3n9GNiHX0dZSwTW9rxSQ8qb7Q9hiYLawK:bMRI+JaF/p88/uCX9Qi302wK9rxSQ8qf

Malware Config

Targets

    • Target

      MELODYNE.rar

    • Size

      165.2MB

    • MD5

      856b9721814c4fdd56db57a611c438d1

    • SHA1

      19280eb40b05a0844a0341f72eeaa2e6c5887531

    • SHA256

      6a0ac5a6cef15e181e0808a20033f12af37c0ab5d80d6eba62ca3c98b430a740

    • SHA512

      d6ef923fe4277889713d6c6b55782dcd0e949342176c8652ffa38ebeb1b6adb513a6ab13b778714cb10b4ef65cfe16f8e5e1a7f812960582febc9df775a627ce

    • SSDEEP

      3145728:bMsJEqF+1ba31/lv88F28vve7G3n9GNiHX0dZSwTW9rxSQ8qb7Q9hiYLawK:bMRI+JaF/p88/uCX9Qi302wK9rxSQ8qf

    Score
    1/10
    • Target

      R2R.nfo

    • Size

      17KB

    • MD5

      0c66646cce8debeebc7498c26997fea0

    • SHA1

      0c57d4b96bf65aad2b32349e1ac40f3aab30bda2

    • SHA256

      20bf2c30e85e36b8487e70ccc9cb90c3ff5ffe77baaea9056b6c6aa4c31753ab

    • SHA512

      305660ffa90ee2f83b293c43d1f2b858a5d04016e800fd2c83e976f69548f6bbc5308e9f61c79becfaa1e2f296fa72fe3d822b9af9c307a77ac0356d87dc7784

    • SSDEEP

      96:LW/hm3Ng6eiqZN+6bdPegUn2ptd/TiA3NmM1dk+g2ErfGjveSsnZawelE/+qJSOh:M6abdPCnWZiAjRELK2S9A/HJSOTI61

    Score
    1/10
    • Target

      r2r-4421.r00

    • Size

      23.8MB

    • MD5

      e02de7902e9f37283fad44e03219e60b

    • SHA1

      c06ae4a8a1a9df1d7cb23920e6e1b16148e2d91b

    • SHA256

      d12e0c9c4c4b12ba6580da788108e5eeec9580f8f59921af2fbb368522093a31

    • SHA512

      3d9f776e08e678f4564efad0f016c0e5a5a2c4b484bada8cf47749b05d632ed68e8abb579e6595fe04f2bbe690fd980f346f099219e9833b6700cfc36af49766

    • SSDEEP

      393216:KZ1gWLPiZXcBplt/QyvzeuWLYSYVtE4+ScFebg2EufsNnxiGonSB+53A0MPI:WgWLPihcBpF6u6cKScFeXfWxiGonu+y0

    Score
    1/10
    • Target

      setup.exe

    • Size

      82.5MB

    • MD5

      2b408f64508f89f31eea20586050fd85

    • SHA1

      8f26ee1f0d9714dbadd99ca6d26751a35dca3dcd

    • SHA256

      7c7b22145b0d6b10576d358a3eb903b642b71dcf374cb58d8a372aa23b3e4baa

    • SHA512

      cfa073a656dadb8455c6b9ef535858f87c747a42021b23a83596c71220e304ea61bfe4880f7f0df96f88d2ecca22d6d3b7b9a8dfbc01bd620fb9100ffe9b9290

    • SSDEEP

      1572864:m2n1DWpbcQb+1hekC/0LQJzBNEcxOrIP/YpUIHdwDVKdj0nnodsYAWbjZk:m2tWNkekDLqNEAAU4wha29sjZk

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      89351a0a6a89519c86c5531e20dab9ea

    • SHA1

      9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00

    • SHA256

      f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277

    • SHA512

      13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08

    • SSDEEP

      384:/MnT0MKT/Xwr2izZQ86mpAT8F9lN8Ov0J:EQMKzwTFnVX8i0

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      bf712f32249029466fa86756f5546950

    • SHA1

      75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    • SHA256

      7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    • SHA512

      13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    • SSDEEP

      192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/

    Score
    3/10
    • Target

      $PLUGINSDIR/bass.dll

    • Size

      107KB

    • MD5

      c0b11a7e60f69241ddcb278722ab962f

    • SHA1

      ff855961eb5ed8779498915bab3d642044fc9bb1

    • SHA256

      a8d979460e970e84eacce36b8a68ae5f6b9cc0fe16e05a6209b4ead52b81b021

    • SHA512

      cb040aca6592310bffb72c898b8eb3ca8a46ff2df50212634c637593c58683c8ab62e0188da7aea362e1b063ae5db55cf4bf474295922af0ab94a526465cc472

    • SSDEEP

      3072:/T2x0givE7LLCQv6vRoRJrdEQeX0m9JQfrob:/T2Ogt7ag65kNqjJDb

    Score
    3/10
    • Target

      r2r-4421.r01

    • Size

      23.8MB

    • MD5

      db8326ce812bb50b7f07f5d85b8047dc

    • SHA1

      aea2fb9321f648a7a92339300dbf34ebc282e8b7

    • SHA256

      a5b4f644065323cbc577e93fd585ced4ca8ba5fedb9c5ef0a6576268de2b2310

    • SHA512

      a1c4de436f8a2d04afc5609c8b9656cea5489b12a623e644e9dfe5660828d7c3fba1b6f43f831e13fce6220a731b1371f0d94283c701e68d3586e3fe55871358

    • SSDEEP

      393216:oA+kXzF+jbQlmRaadpzAOrScW5EZJEw2QRWjUtFCmz4J9b6hj2N4xDc4R1hmeRoz:ZJcQK1b71Ew39FCm0J9b6uYZmeRoRS

    Score
    1/10
    • Target

      setup.exe

    • Size

      82.5MB

    • MD5

      2b408f64508f89f31eea20586050fd85

    • SHA1

      8f26ee1f0d9714dbadd99ca6d26751a35dca3dcd

    • SHA256

      7c7b22145b0d6b10576d358a3eb903b642b71dcf374cb58d8a372aa23b3e4baa

    • SHA512

      cfa073a656dadb8455c6b9ef535858f87c747a42021b23a83596c71220e304ea61bfe4880f7f0df96f88d2ecca22d6d3b7b9a8dfbc01bd620fb9100ffe9b9290

    • SSDEEP

      1572864:m2n1DWpbcQb+1hekC/0LQJzBNEcxOrIP/YpUIHdwDVKdj0nnodsYAWbjZk:m2tWNkekDLqNEAAU4wha29sjZk

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      89351a0a6a89519c86c5531e20dab9ea

    • SHA1

      9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00

    • SHA256

      f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277

    • SHA512

      13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08

    • SSDEEP

      384:/MnT0MKT/Xwr2izZQ86mpAT8F9lN8Ov0J:EQMKzwTFnVX8i0

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      bf712f32249029466fa86756f5546950

    • SHA1

      75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    • SHA256

      7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    • SHA512

      13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    • SSDEEP

      192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/

    Score
    3/10
    • Target

      $PLUGINSDIR/bass.dll

    • Size

      107KB

    • MD5

      c0b11a7e60f69241ddcb278722ab962f

    • SHA1

      ff855961eb5ed8779498915bab3d642044fc9bb1

    • SHA256

      a8d979460e970e84eacce36b8a68ae5f6b9cc0fe16e05a6209b4ead52b81b021

    • SHA512

      cb040aca6592310bffb72c898b8eb3ca8a46ff2df50212634c637593c58683c8ab62e0188da7aea362e1b063ae5db55cf4bf474295922af0ab94a526465cc472

    • SSDEEP

      3072:/T2x0givE7LLCQv6vRoRJrdEQeX0m9JQfrob:/T2Ogt7ag65kNqjJDb

    Score
    3/10
    • Target

      r2r-4421.r02

    • Size

      11.0MB

    • MD5

      616260085d7ff006524fd19f98beed84

    • SHA1

      251c8aac64c13f5310b795c73457626408e464c0

    • SHA256

      8cc10f5ca6f42e1fe8ea8c8e3475a5cd6e732b3dd3c1f01df9da4fb495f99ff9

    • SHA512

      7044e991715b019ada33b5a7d483dd8bc3cd2b55e75e576bcefd1f59be1c04ddaea08dcdf3aa501bf1e2089b077a6fef4fad46781fa5a5a1ddd8e75b9735bef5

    • SSDEEP

      196608:DUL2sfe3L4hBb4G+Bw56jy6ZF/wA4SUc2mXlZvhaqa2qJhg2pSBp2gIfb:M2sSL4hBbf16KA4SdV3akw6Sb

    Score
    1/10
    • Target

      r2r-4421.rar

    • Size

      23.8MB

    • MD5

      c247d88ec38792cdc3f96ced88f2118e

    • SHA1

      512a7565e4c31a31bf6bc912d27f825d915117dc

    • SHA256

      38b9863aa1dd6abdbd774d03ab6b8fba8c5ab789c56afa64f5a4ad4b0e1c44c4

    • SHA512

      c85ea9d259c4d75ff70a5991e671405345453e2fd7f1eba5d46c6c74d4c846d380925518b68064ad19151d537475d7126e38f73f7673d5f09ee27e38e30fa202

    • SSDEEP

      393216:aZnWhb+CC2sP5+MQTcMw7RXX6nT/5Kmy5Ktx/0FmtNt3q8uheHbJPwVGxuCnZlH9:aZn3CVuDQq716nT/5KKRt73q8T5uGxuW

    Score
    1/10
    • Target

      r2r-4421.sfv

    • Size

      92B

    • MD5

      d89d7fdb48970632435123863ea3333c

    • SHA1

      cfc22c2fc368215516bdd9a867b61adb166f57ef

    • SHA256

      7b5399fab054a38b2740d500080d60b7ab0fe52d0f7a44ba03919545e6f5775a

    • SHA512

      8d71a84d49ee1a7b644c7b3db840a9a1b44da7eff09981aa37dc8aee9a2de0ab9915a89dc475151232bd72b9978e9b64b6a03092068a6af2fb5cd6998063c2ad

    Score
    3/10
    • Target

      setup.exe

    • Size

      82.5MB

    • MD5

      2b408f64508f89f31eea20586050fd85

    • SHA1

      8f26ee1f0d9714dbadd99ca6d26751a35dca3dcd

    • SHA256

      7c7b22145b0d6b10576d358a3eb903b642b71dcf374cb58d8a372aa23b3e4baa

    • SHA512

      cfa073a656dadb8455c6b9ef535858f87c747a42021b23a83596c71220e304ea61bfe4880f7f0df96f88d2ecca22d6d3b7b9a8dfbc01bd620fb9100ffe9b9290

    • SSDEEP

      1572864:m2n1DWpbcQb+1hekC/0LQJzBNEcxOrIP/YpUIHdwDVKdj0nnodsYAWbjZk:m2tWNkekDLqNEAAU4wha29sjZk

    • Detects Strela Stealer payload

    • Strela stealer

      An info stealer targeting mail credentials first seen in late 2022.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      upped_to_audioz.txt

    • Size

      10B

    • MD5

      dbdd53aca3b9f51e3e21f0a0d8003302

    • SHA1

      3ba13c2aaf04a92469adc637a8ee69b4ec8b413d

    • SHA256

      be7532de7ec68cf3308b6957fcc66cf50527bdd9052fd487d7b769478bd7993d

    • SHA512

      8eea14024d6c76faf48304b1e915346ce2cd78800672ad582e0eefb7b146832f0083a87ed07e0c9577975a371177fc0eea22112f77d7a9b9842a60cac52fa9f0

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks