strela | d2dd072a45b4e1da1c20bd675ef1b0aeb2faa4f17013dfb54654ee7260c6def6

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/02/2025, 07:49

Target

d2dd072a45b4e1da1c20bd675ef1b0aeb2faa4f17013dfb54654ee7260c6def6N.dll
Size

239KB
MD5

4f3cfb44a90b9575a03b5861312828c0
SHA1

1e3b9f1a2e754ef3f2cf0d47d50c78463ebdd0a9
SHA256

d2dd072a45b4e1da1c20bd675ef1b0aeb2faa4f17013dfb54654ee7260c6def6
SHA512

8ede7feaf0ebadc9e3fa83df82181d8d739f6558d7af74919162fc89a2361383c165dd3ba35ac42d3f9061b50bf9ee11308fd9853e40f9e3e1e729bd8741df68
SSDEEP

3072:RB+UB25/XDXgRBBPQeGP7Cc8exDm0I7NYoCXYUzoU3o97b2KwJ2j6w9L9fD/9:RB+nXDXgRBBPQ5mc/aDU0Z9flVzfDF

Score

10^/10

strela stealer

Family

strela

45.9.74.176

Attributes

url_path
/server.php
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36

Detects Strela Stealer payload 3 IoCs

resource	yara_rule
behavioral1/memory/2196-0-0x00000000001F0000-0x0000000000212000-memory.dmp	family_strela
behavioral1/memory/2196-1-0x000007FEF8000000-0x000007FEF804A000-memory.dmp	family_strela
behavioral1/memory/2196-2-0x00000000001F0000-0x0000000000212000-memory.dmp	family_strela

Strela family
strela
Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d2dd072a45b4e1da1c20bd675ef1b0aeb2faa4f17013dfb54654ee7260c6def6N.dll
1⤵
PID:2196

memory/2196-0-0x00000000001F0000-0x0000000000212000-memory.dmp

Filesize
136KB

Download
memory/2196-1-0x000007FEF8000000-0x000007FEF804A000-memory.dmp

Filesize
296KB

Download
memory/2196-2-0x00000000001F0000-0x0000000000212000-memory.dmp

Filesize
136KB

Download