strela | f33e8db7a25ec1c123fa8fb3094daaa5d6a630c1c19a4bcd61dca06ed7c339ff[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

f33e8db7a25ec1c123fa8fb3094daaa5d6a630c1c19a4bcd61dca06ed7c339ff.exe
Size

398KB
MD5

0d9d6b9514db21df74aff5e7d9a66c6f
SHA1

622b49e0bfd5c2524776936d70a3c0366030b6ba
SHA256

f33e8db7a25ec1c123fa8fb3094daaa5d6a630c1c19a4bcd61dca06ed7c339ff
SHA512

51cad109f958bccee8c322e7d1ec0182d317bf44a59288159c418995a6dc0b6274039f8f1232bd6268e5b335358d1fb8eac5bc9f2270d4125f03e6178a4d005e
SSDEEP

12288:EnmOeWHehSjfhiPsxOticWgeEqq1sdeYo5H:EnmQISbA0wicWR

Score

10^/10

strela

Malware Config

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
sample	family_strela

Strela family
strela

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f33e8db7a25ec1c123fa8fb3094daaa5d6a630c1c19a4bcd61dca06ed7c339ff.exe

Files

f33e8db7a25ec1c123fa8fb3094daaa5d6a630c1c19a4bcd61dca06ed7c339ff.exe
.exe windows:6 windows x64 arch:x64

5ca1e85281bdc4fd891b0e196273b9a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindFirstFileExW
FindNextFileA
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetConsoleMode
GetConsoleOutputCP
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSize
GetFileType
GetLastError
GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempPathA
GetVolumeNameForVolumeMountPointA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
lstrlenW

user32

GetKeyboardLayout
GetKeyboardLayoutList
MessageBoxA
ShowWindow
wsprintfA

shell32

SHGetFolderPathA
SHGetKnownFolderItem
ShellExecuteExA

advapi32

RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA

ole32

CoInitialize
CoTaskMemFree

crypt32

CryptUnprotectData

shlwapi

PathFileExistsA
StrStrA

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile

Sections

.text
Size: 339KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ca1e85281bdc4fd891b0e196273b9a3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

ole32

crypt32

shlwapi

wininet

Sections

.text Size: 339KB - Virtual size: 338KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 4KB - Virtual size: 4KB

.retplne Size: 512B - Virtual size: 140B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 339KB - Virtual size: 338KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 4KB - Virtual size: 4KB

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 2KB - Virtual size: 1KB