strela | 3189efaf2330177d2817cfb69a8bfa3b846c24ec534aa3e6b66c8a28f3b18d4b | Triage

Sharing

General

Target

3189efaf23301_mail77d2817cfb69a8bfa3b846c24ec534aa3e6b66c8a28f3b18d4bXxX6Zip.zip
Size

178KB
Sample

241103-tk2basyakf
MD5

e2936de211b980bb9bc042c04348978e
SHA1

f16890fb143741ec118befd22f6903a18f8f1315
SHA256

3189efaf2330177d2817cfb69a8bfa3b846c24ec534aa3e6b66c8a28f3b18d4b
SHA512

2ac2aca1bc368a6fe4851a0da13dc699c3c534d1937cb313bf27df2ea87502240739fdafb9ddc2f3b99faf653b526ded3aec2e6a12e7d11f05c14c87f709fe92
SSDEEP

3072:BcT+wa/SAEaXK17HBv6c7G9H2WvC88sMTES3nHxBhrycbExqe/VGkpFLDeh:mLa4aXK17HBv6c7y2uerhrycALFFLDeh

Score

10^/10

strela defense_evasion execution stealer

Malware Config

Extracted

Family

strela

C2

193.109.85.231

Attributes

url_path
/server.php
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537

Targets

- Target
  
  18262829011200.js
- Size
  
  345KB
- MD5
  
  301503edfb1ea723b231b416c2a81f0f
- SHA1
  
  dd41fda85637d2593ef4aad407371ec830fe171d
- SHA256
  
  544887bc3f0dccb610dd7ba35b498a03ea32fca047e133a0639d5bca61cc6f45
- SHA512
  
  f5df4b28a0f012b458026ef7caa2f460f51476a67e63e63641631dc5672b4920422618afb36af17373ffdfcc678370dc965678f3d3f1dda5326589c2a471f9d5
- SSDEEP
  
  6144:FSxcuKYMvWe+ch9Bi7PoOCSElpHMnOInDOWPZsngSKTj+c42pf:+cRYMv5+ctgEBmODYsw+h2pf
Score

10^/10

strela defense_evasion execution stealer
- Detects Strela Stealer payload
- Strela family
  strela
- Strela stealer
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Deobfuscate/Decode Files or Information

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

streladefense_evasionexecutionstealer

behavioral2

streladefense_evasionexecutionstealer