strela | 78ea7445cae96a58d910557659789ff84c7a469293c687a41531d511cffffc53 | Triage

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
06/11/2024, 19:18 UTC

Sharing

Report Analysis Logs

General

Target

23403268524597.dll
Size

505KB
MD5

7f4085f9eb49326adf9a47a400cbd955
SHA1

a8b8a4cdff1466d1f99429bcbbb2c3122de4f276
SHA256

78ea7445cae96a58d910557659789ff84c7a469293c687a41531d511cffffc53
SHA512

976b38a207a4fad5ef8b628d105dd5ed695d683011d538d888d01f94995dcd5935735978087035697ca81f002a6abc5005234867489af568777d103b7ae57b8b
SSDEEP

12288:HeTibW0EeHV/KF41xMQVaK+u7x3W4wkGTefNS:HbzsF4MyVXWXTefNS

Score

10^/10

strela stealer

Malware Config

Extracted

Family

strela

C2

94.159.113.86

Attributes

url_path
/server.php

Signatures

Detects Strela Stealer payload 3 IoCs

resource	yara_rule
behavioral1/memory/2380-1-0x0000000000110000-0x0000000000133000-memory.dmp	family_strela
behavioral1/memory/2380-0-0x0000000000110000-0x0000000000133000-memory.dmp	family_strela
behavioral1/memory/2380-2-0x0000000000110000-0x0000000000133000-memory.dmp	family_strela

Strela family
strela
Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23403268524597.dll,#1
1⤵
PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2380-1-0x0000000000110000-0x0000000000133000-memory.dmp

Filesize
140KB

Download
memory/2380-0-0x0000000000110000-0x0000000000133000-memory.dmp

Filesize
140KB

Download
memory/2380-2-0x0000000000110000-0x0000000000133000-memory.dmp

Filesize
140KB

Download