strela | 5ecb021c3df38ad4c5927acf57c4d8064e4144c3cb1cac1740b97adac8c7c24b[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5ecb021c3df38ad4c5927acf57c4d8064e4144c3cb1cac1740b97adac8c7c24b.exe
Size

398KB
MD5

59082d0c7b3ea34923139981d4f22df9
SHA1

6c318bbc0a3d4484a8f65648e0f33e3aa55822a5
SHA256

5ecb021c3df38ad4c5927acf57c4d8064e4144c3cb1cac1740b97adac8c7c24b
SHA512

11d714e03ab78783c3eadc767cb0384fefa4f810940731d51dbc65ae390083807af0a3528b01babc810cb647cba38eb1535072b0489778cce9e52e01fcd34c88
SSDEEP

12288:EBmOeWHehSjfhiPsxOticWgeEqq1sdeYo5H:EBmQISbA0wicWR

Score

10^/10

strela

Malware Config

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
sample	family_strela

Strela family
strela

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ecb021c3df38ad4c5927acf57c4d8064e4144c3cb1cac1740b97adac8c7c24b.exe

Files

5ecb021c3df38ad4c5927acf57c4d8064e4144c3cb1cac1740b97adac8c7c24b.exe
.exe windows:6 windows x64 arch:x64

5ca1e85281bdc4fd891b0e196273b9a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindFirstFileExW
FindNextFileA
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetConsoleMode
GetConsoleOutputCP
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSize
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempPathA
GetVolumeNameForVolumeMountPointA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
lstrlenW

user32

GetKeyboardLayout
GetKeyboardLayoutList
MessageBoxA
ShowWindow
wsprintfA

shell32

SHGetFolderPathA
SHGetKnownFolderItem
ShellExecuteExA

advapi32

RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA

ole32

CoInitialize
CoTaskMemFree

crypt32

CryptUnprotectData

shlwapi

PathFileExistsA
StrStrA

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile

Sections

.text
Size: 339KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ca1e85281bdc4fd891b0e196273b9a3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

ole32

crypt32

shlwapi

wininet

Sections

.text Size: 339KB - Virtual size: 338KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 4KB - Virtual size: 4KB

.retplne Size: 512B - Virtual size: 140B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 339KB - Virtual size: 338KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 4KB - Virtual size: 4KB

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 2KB - Virtual size: 1KB