General

  • Target

    d2dd072a45b4e1da1c20bd675ef1b0aeb2faa4f17013dfb54654ee7260c6def6N.exe

  • Size

    239KB

  • Sample

    250217-jnzxjawkgl

  • MD5

    4f3cfb44a90b9575a03b5861312828c0

  • SHA1

    1e3b9f1a2e754ef3f2cf0d47d50c78463ebdd0a9

  • SHA256

    d2dd072a45b4e1da1c20bd675ef1b0aeb2faa4f17013dfb54654ee7260c6def6

  • SHA512

    8ede7feaf0ebadc9e3fa83df82181d8d739f6558d7af74919162fc89a2361383c165dd3ba35ac42d3f9061b50bf9ee11308fd9853e40f9e3e1e729bd8741df68

  • SSDEEP

    3072:RB+UB25/XDXgRBBPQeGP7Cc8exDm0I7NYoCXYUzoU3o97b2KwJ2j6w9L9fD/9:RB+nXDXgRBBPQ5mc/aDU0Z9flVzfDF

Malware Config

Extracted

Family

strela

C2

45.9.74.176

Attributes
  • url_path

    /server.php

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36

Targets

    • Target

      d2dd072a45b4e1da1c20bd675ef1b0aeb2faa4f17013dfb54654ee7260c6def6N.exe

    • Detects Strela Stealer payload

    • Strela family

    • Strela stealer

      An info stealer targeting mail credentials, first seen in late 2022.

    • Downloads MZ/PE file
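The extracted config above (C2 address, URL path and User-Agent) and the "Downloads MZ/PE file" signature are the two pieces of this report a defender can act on directly. The script below is an added example, not part of the sandbox report: it matches the three config values against proxy log lines and checks a downloaded body for a DOS/PE header the way the sandbox signature does. The log format (`src method url status "user-agent"`), the log lines and the byte buffer are constructed for the example; only the C2 host, path and User-Agent string come from the Malware Config section. Note that `/server.php` alone is too generic to alert on, so the matcher only reports the path when the host or the User-Agent already matched; the User-Agent is a Chrome 60 build from 2017, so an exact match is itself anomalous on a current Windows host.

```python
"""IOC matching for the Strela Stealer config extracted in the report above.

Added example, not the sandbox's own code. Log lines and the PE buffer are constructed.
"""
import re
import struct
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlparse

# Values copied from the Malware Config section of the report.
C2_HOST = "45.9.74.176"
C2_PATH = "/server.php"
C2_USER_AGENT = (
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
)

# Constructed proxy log (assumed format: src method url status "user-agent").
SAMPLE_PROXY_LOG = """\
10.0.0.5 GET http://45.9.74.176/server.php 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
10.0.0.7 GET http://example.com/index.html 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.0.9 POST http://45.9.74.176/server.php 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
10.0.0.11 GET http://203.0.113.9/server.php 404 "curl/8.4.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


@dataclass
class Hit:
    line_no: int
    reasons: Tuple[str, ...]


def match_c2_traffic(log_text: str) -> List[Hit]:
    """Return one Hit per log line that matches the extracted C2 config.

    Host and User-Agent matches are reported on their own; the generic
    /server.php path is only reported alongside one of those, to avoid
    alerting on every unrelated site that happens to use that filename.
    """
    hits: List[Hit] = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        url = urlparse(m["url"])
        reasons = []
        if url.hostname == C2_HOST:
            reasons.append("c2_host")
        if m["ua"] == C2_USER_AGENT:
            reasons.append("c2_user_agent")
        if reasons and url.path == C2_PATH:
            reasons.append("c2_path")
        if reasons:
            hits.append(Hit(line_no, tuple(reasons)))
    return hits


def looks_like_pe(data: bytes) -> bool:
    """True if data carries a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'.

    This is the check behind a "downloads MZ/PE file" style signature: it
    guards against short bodies and an e_lfanew that points past the buffer.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data):
        return False  # truncated download or bogus header offset
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def build_fake_pe(e_lfanew: int = 0x80) -> bytes:
    """Constructed minimal buffer that satisfies looks_like_pe (not an executable)."""
    buf = bytearray(e_lfanew + 4)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    for hit in match_c2_traffic(SAMPLE_PROXY_LOG):
        print(f"line {hit.line_no}: {', '.join(hit.reasons)}")
    print("PE check on constructed buffer:", looks_like_pe(build_fake_pe()))
```

Run against the constructed log, lines 1 and 3 are reported with all three reasons while line 4 (same path, unrelated host and client) is not; feeding a real proxy export in the same field order needs only the regex adjusted.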
