strela | 71916efd98ebad32e60025ebb48cbc3bb8556d60a82260143580fa2b3f90c72c

Sharing

Copy URL

Twitter E-mail

General

Target

ed5a7491d26a7d1621150eee7d77a97b_JaffaCakes118
Size

564KB
Sample

241214-afpbdstmgr
MD5

ed5a7491d26a7d1621150eee7d77a97b
SHA1

54181f2ddf8951f79a824a3dcf6e34540f1dc9cf
SHA256

71916efd98ebad32e60025ebb48cbc3bb8556d60a82260143580fa2b3f90c72c
SHA512

6c94d147c5c1187f5a8ce46654c9d181adc1e58ac85d72398e1cdf2073c80aecb663e2dfc73655e8bcee6cbd8b3cae17208c1dcec475167162813a9dcbf154fe
SSDEEP

12288:9L4ceXBm45rsS3308qPvMwiM4VBBk0YMrIGB0uERVr4+aOotP/eLJk:N4ceXBm4qyk8q34M47YMrIpzr4+aOI/F

Score

10^/10

Malware Config

Targets

- Target
  
  SnSetup1.7.exe
- Size
  
  601KB
- MD5
  
  bfe8e9072c8e530229f4984f4e64c534
- SHA1
  
  cf95d3be5395744e696d9cf0484915d185a3eaab
- SHA256
  
  91f02fafb1a3ab7a20761d308d7a1f224e889cb0bc43daadf9d9cb5d5c6e65e3
- SHA512
  
  a83b872c670c54839842f0e246e8a6739f8b5aab8a23e2678c999e891a8caf21fec7a4ad84e7691dbd0072db01215e88b120be526adf5bc8ea01130d757adf84
- SSDEEP
  
  12288:0zWyF45rsw9308qtvMwiM4HZS/dfLhaIGn0uERTtIiaO+tP/etJz:0zWyF4qQk8qh4M4Hk99aI1ttIiaOG/eX
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  83c5a8e90cd10cb31a9215eb4421341f
- SHA1
  
  52ddbbfa955936f87516c52b2bb679a6b4363e22
- SHA256
  
  da006773e11871b8834036c30acab8fabcce2c9e9f52bb2b425f947bdf33f7c6
- SHA512
  
  46c20fd762a643028f3c4287ed3dbd762bc1cd17ee5ad1d90cbad23f15901fbab14b726d7f3e45eeb370fb6a2ee5268a2e9ebaae7ab6067c855361d24fc806a4
- SSDEEP
  
  48:SHGGPtcWCeM7etAo1UurdGl4A0h2TpXHWFv+wewzpv1XP3GhaEJOof2ynh1:E1cWxfzrrh2cFvWwFtSh
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Data/register-en-US.htm
- Size
  
  7KB
- MD5
  
  7f5cc2de62d3cfded6df11c12ba29bef
- SHA1
  
  794d28fb01c64307ffb4d11cdb5f0e5ade25764a
- SHA256
  
  c98dacf548332f440e75e3fd419c19faf2ff66d4cfae453e9afc9e2a944e2889
- SHA512
  
  42fa96d52762eb5c2e8c94c392bcef08f56c5ce8dec0960f9847a7bce1a36073386c4646311c55cf2e0a96b773c0c99794e6cee64fce4795bf27d7c652fbe5f9
- SSDEEP
  
  192:wQF/w/oV90Wz6vODX0vh9epP6836mY2efYGqJfgTauvUrFcJB:/LBf6FyCT/OFcJB
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Data/register-zh-CN.htm
- Size
  
  11KB
- MD5
  
  d635ec9c62de6f0d8d72ce36fe08b7bb
- SHA1
  
  30b814eaf61ffe8b8309456adbea947eb046b22d
- SHA256
  
  f7efbed02bea5432387cf8dcc6f1a59eca4b91c26db36d50ced0e070e31b88ac
- SHA512
  
  244d1033a8091d9a9fbc6a3407c534ce7e586e67cc56273efd618422646238e3a4473e4663d0828ca8907c8952421b7a2902afb88aff1e574c927b2cbce8ffc3
- SSDEEP
  
  192:9F/w/oEKPj0VlSk8vVPzYYj1qnPsTTniQiTHVlJ+TlB:XrjNPz5aPsTTn8VlJ+TlB
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Data/register-zh-TW.htm
- Size
  
  12KB
- MD5
  
  74906a9d26f06dea02d4c2129c34b000
- SHA1
  
  47eed5eccc4feb0bedb81f222a91914970395011
- SHA256
  
  abceb3e0851e769983f69dd7fc32e951fdbc1b07498649d6b8106691dedb7489
- SHA512
  
  081d55b6cc5eaad96f874e46b249fc9ab8b4a33f3522a47f57d79e1b52c4a0824082f1f53c3c127e60a8988410ae1ad21dc94f280544ca6681701a9f1dcbf03f
- SSDEEP
  
  384:4vE+YYg5qTuhQw+wSwoC2+FwkwZw6wsSxZTokYYDDTlgA:KbgkTuhQw+wSwot+FwkwZw6wsmZEkYY/
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  SerialNull.exe
- Size
  
  193KB
- MD5
  
  cfe544e042b57980bdc5c044e64d06a3
- SHA1
  
  38057e44e41d5eeb706e2e27b35b8e8d87d0fb24
- SHA256
  
  502f20ca9cf7259a73217d3144fdd2aefb697b997717b5a16e9c92a2d276afc9
- SHA512
  
  f741ac253760e579d9d0a10667863987ae35fbd806bbea9bef36f1062a7fea24358336d778970f44390576702568355c768453a9188ef9a9c13b84f88efd3e50
- SSDEEP
  
  3072:qZqXhUiJFdGI2qelyDDwfd6U8vHlNQALmis4f+nFYZw2sOPJOBjmeeI+DLJO:qMRU0FDIYUd6UAjXumZCOhW4
Score

10^/10

strela discovery persistence stealer
- Detects Strela Stealer payload
- Strela family
  strela
- Strela stealer
  An info stealer targeting mail credentials first seen in late 2022.
  stealer strela
- Adds Run key to start application
  persistence
behavioral11 behavioral12
- Target
  
  SnBus.sys
- Size
  
  30KB
- MD5
  
  4b7f3be8378dd0e8a41e97b74eedc7c3
- SHA1
  
  9692d5dfc81a23dfe1df529403dac57165520159
- SHA256
  
  1334fa696d2b1ecfb6ce7d3b0fa7f1144f79887a654bcbc6628e71c58c63dc38
- SHA512
  
  d223b5b0995f078c4052f3f78237973250d6c8365ccf943e2bd817e00c92a403c24a14f0e4da0e490578908c4a8000402662d5a949282f5082b9dbcf4138e295
- SSDEEP
  
  384:RfInDYki9jR+Tozwr4N5DkgTM1uz5wnOHTHpngz7YInCpij3gf8rxFd:Rf1ki9djX9kgTKOHjpngz7YICIZ
Score

1^/10
behavioral13 behavioral14
- Target
  
  SnSerial.sys
- Size
  
  33KB
- MD5
  
  370e64094afd499d27540bf163297a56
- SHA1
  
  c0dc27c448c21f874e496277393a34ae1d2b4a4c
- SHA256
  
  8b4a26a387f2fa4f11dc90a3fc83aad2bcdd7afe0a1c7137928619060773774f
- SHA512
  
  60a11f3a7982751e1f6fed4dbde68771e599e8ca1715515251e94c73d55e9e4d359f5f5b367fddca75dea044699c852f523b7ac911a836fe1fd204a7cf3c498d
- SSDEEP
  
  768:iTkxyzR73rtXtvjKagtPr9O/boPZWXsEC9gjWWWkB6vUwKN:ilR7JX5ktPr9sEPAXuKzEn+
Score

1^/10
behavioral15 behavioral16
- Target
  
  install.exe
- Size
  
  57KB
- MD5
  
  242b49803d0dc2c25486ab866d8516cb
- SHA1
  
  8d4302a242f4e3be1678e21e9bf79cc27f123e7d
- SHA256
  
  0d03931dae04b1d6cae8d3745c3aff6315e0df8c6b0bb2589fe77b50580e88f6
- SHA512
  
  02ba717114ac8fe22898356403065203d719e97b6bc4ececaf849fb21e02529bf54f367bd3468103045cc63a60c77935d8efa04fec67f6d80b60e43067966577
- SSDEEP
  
  768:/Y9BR4QkHgaYpYnqL6n/RwilMARtPvevxHs4gZWk:mzlkHgNxc58ARtP2xHeW
Score

5^/10

discovery
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  ȿ˶.url
- Size
  
  174B
- MD5
  
  b4f682d95ca18141304d88346dcb32dd
- SHA1
  
  cfd612d9edc6926485ae4b9111ef282a75c81aab
- SHA256
  
  6ffc24ba95d4fb28807b1748c76ef597c299a580bf2d43f1567f65b9fb897a93
- SHA512
  
  4cc117b053edc374e83a294e070e5a1748aa5b48a33e755e321716df1c7a2d6d4281a5b6f30cbbd07bfb331bbfee31973bea7561300f249a12052f543609ad08
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

Detects Strela Stealer payload

Strela family

Strela stealer

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20