Strela Stealer Targets Europe Stealthily Via WebDav
WHITE AlienVault 2024-10-30 Modified: 2024-11-29
Strela Stealer, first identified by DCSO in late 2022, is information-stealing malware primarily designed to exfiltrate email account credentials from widely used email clients, including Microsoft Outlook and Mozilla Thunderbird. The malware initially targeted Spanish-speaking users through spam email campaigns containing malicious ISO attachments, which included a .lnk file and a polyglot file. When executed, the .lnk file triggered the polyglot file, executing both the lure HTML and the Strela Stealer DLL using "rundll32.exe".
Indicators of Compromise (5 / 111 total)