Analysis

max time kernel:   148s
max time network:  152s
platform:          windows10-2004_x64
resource:          win10v2004-20241007-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted:         13-12-2024 03:03

Static task:       static1 (1 signatures)

Behavioral task:   behavioral1
Sample:            d1a35f2cf986a3a03ef87ce0c4c1ca13b27a79d2d4975f1658bf7c6156fda7af.dll
Resource:          win7-20240903-en
Platform:          windows7-x64
                   3 signatures, 150 seconds
General

Target:  d1a35f2cf986a3a03ef87ce0c4c1ca13b27a79d2d4975f1658bf7c6156fda7af.dll
Size:    471KB
MD5:     4b8d572f4d087b931c6304b70208bcd3
SHA1:    38a68c6e555b53417c600df03cc65135b4c01d24
SHA256:  d1a35f2cf986a3a03ef87ce0c4c1ca13b27a79d2d4975f1658bf7c6156fda7af
SHA512:  c3129e3c7a54c764379fbe375a541eea1d4f1abd06f9d0c7b00b4eb30b9eeddff1df05bb7f7306acc4de9058690e5c24edd0996cd4efd78e61bc0f0de547b925
SSDEEP:  6144:zcxtNN004tMwwyYZEDGDW0Fh6aRDmpXxBtGqDnojj1MlwjBnxh+0GPTPZmV0Jyu9:aN/+MwOqDg6hphXNEVZjB/RoLMV3xZH
Malware Config
Signatures

Detects Strela Stealer payload (2 IoCs)
  resource                                                                     yara_rule
  behavioral2/memory/4152-1-0x0000000002BC0000-0x0000000002C34000-memory.dmp   family_strela
  behavioral2/memory/4152-2-0x0000000002BC0000-0x0000000002C34000-memory.dmp   family_strela

Strela family
Processes
Network

DNS queries (reverse lookups sent to 8.8.8.8:53):

Remote address  Request                        Type    Response
8.8.8.8:53      8.8.8.8.in-addr.arpa           IN PTR  dns.google
8.8.8.8:53      13.86.106.20.in-addr.arpa      IN PTR  (no answer)
8.8.8.8:53      172.214.232.199.in-addr.arpa   IN PTR  (no answer)
8.8.8.8:53      72.32.126.40.in-addr.arpa      IN PTR  (no answer)
8.8.8.8:53      58.55.71.13.in-addr.arpa       IN PTR  (no answer)
8.8.8.8:53      104.219.191.52.in-addr.arpa    IN PTR  (no answer)
8.8.8.8:53      197.87.175.4.in-addr.arpa      IN PTR  (no answer)
8.8.8.8:53      18.31.95.13.in-addr.arpa       IN PTR  (no answer)
8.8.8.8:53      59.238.56.23.in-addr.arpa      IN PTR  a23-56-238-59.deploy.static.akamaitechnologies.com
8.8.8.8:53      79.190.18.2.in-addr.arpa       IN PTR  a2-18-190-79.deploy.static.akamaitechnologies.com
DNS flows:

Request                        Bytes out  Bytes in  Pkts out  Pkts in
8.8.8.8.in-addr.arpa           66 B       90 B      1         1
13.86.106.20.in-addr.arpa      71 B       157 B     1         1
172.214.232.199.in-addr.arpa   74 B       128 B     1         1
72.32.126.40.in-addr.arpa      71 B       157 B     1         1
58.55.71.13.in-addr.arpa       70 B       144 B     1         1
104.219.191.52.in-addr.arpa    73 B       147 B     1         1
197.87.175.4.in-addr.arpa      71 B       157 B     1         1
18.31.95.13.in-addr.arpa       70 B       144 B     1         1
59.238.56.23.in-addr.arpa      71 B       135 B     1         1
79.190.18.2.in-addr.arpa       70 B       133 B     1         1