strela | f33e8db7a25ec1c123fa8fb3094daaa5d6a630c1c19a4bcd61dca06ed7c339ff | Triage

Sharing

General

Target

f33e8db7a25ec1c123fa8fb3094daaa5d6a630c1c19a4bcd61dca06ed7c339ff.exe
Size

398KB
Sample

250123-kce9es1qfw
MD5

0d9d6b9514db21df74aff5e7d9a66c6f
SHA1

622b49e0bfd5c2524776936d70a3c0366030b6ba
SHA256

f33e8db7a25ec1c123fa8fb3094daaa5d6a630c1c19a4bcd61dca06ed7c339ff
SHA512

51cad109f958bccee8c322e7d1ec0182d317bf44a59288159c418995a6dc0b6274039f8f1232bd6268e5b335358d1fb8eac5bc9f2270d4125f03e6178a4d005e
SSDEEP

12288:EnmOeWHehSjfhiPsxOticWgeEqq1sdeYo5H:EnmQISbA0wicWR

Score

10^/10

strela collection spyware stealer

Malware Config

Targets

- Target
  
  f33e8db7a25ec1c123fa8fb3094daaa5d6a630c1c19a4bcd61dca06ed7c339ff.exe
- Size
  
  398KB
- MD5
  
  0d9d6b9514db21df74aff5e7d9a66c6f
- SHA1
  
  622b49e0bfd5c2524776936d70a3c0366030b6ba
- SHA256
  
  f33e8db7a25ec1c123fa8fb3094daaa5d6a630c1c19a4bcd61dca06ed7c339ff
- SHA512
  
  51cad109f958bccee8c322e7d1ec0182d317bf44a59288159c418995a6dc0b6274039f8f1232bd6268e5b335358d1fb8eac5bc9f2270d4125f03e6178a4d005e
- SSDEEP
  
  12288:EnmOeWHehSjfhiPsxOticWgeEqq1sdeYo5H:EnmQISbA0wicWR
Score

7^/10

collection spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionspywarestealer

behavioral2

collectionspywarestealer