StrelaStealer (Infostealer) – Malware

April 8, 2024

StrelaStealer

Type of Malware

Infostealer

Country of Origin

Unknown

Date of initial activity

2022

Associated Groups

Unknown

Targeted Countries

US and EU

Motivation

The main purpose of StrelaStealer is to steal email login data from well-known email clients and send it back to the command-and-control (C2) server defined in the malware's configuration.

Attack vectors

Earlier versions of StrelaStealer were delivered by email as an attached .iso image. The current version spreads through spear-phishing emails carrying a ZIP attachment; once the attachment is opened, execution proceeds through the JavaScript, Windows Command Shell and RunDLL32 techniques listed under Techniques Used below.
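
The following is an added example, not code from the original page or from the StrelaStealer authors: a mail-gateway style check, in Python, that inspects an inbound message for the two delivery containers described above, an attached .iso image and a ZIP archive carrying a script. The message, the archive member name `invoice.js` and the minimal ISO header are constructed inline so the script runs offline; the script-extension list is an assumption to tune for your environment.

```python
"""
Added example (not from the page or the malware's authors): flag e-mail
attachments that match the StrelaStealer delivery containers, an ISO image
or a ZIP wrapping a script. All sample data below is constructed.
"""
import email
import io
import ntpath
import zipfile
from email import policy
from email.message import EmailMessage

SCRIPT_EXTS = {".js", ".jse", ".wsf"}            # assumption: WSH script types to flag
ISO_MAGIC, ISO_MAGIC_OFFSET = b"CD001", 0x8001  # ISO 9660 primary volume descriptor


def _ext(name):
    return ntpath.splitext(ntpath.basename(name))[1].lower()


def inspect_zip(payload):
    """Findings for a ZIP payload: script members, encrypted members, or unreadable."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(payload))
    except zipfile.BadZipFile:
        return ["zip: corrupt or not a zip, treat as suspicious"]
    findings = []
    for info in zf.infolist():
        if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
            findings.append(f"zip: encrypted member {info.filename} (cannot be inspected)")
        if _ext(info.filename) in SCRIPT_EXTS:
            findings.append(f"zip: script member {info.filename}")
    return findings


def scan_message(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = _ext(name)
        # Check content, not just the extension: renamed attachments are common.
        is_iso = data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] == ISO_MAGIC
        if ext == ".iso" or is_iso:
            findings.append(f"{name}: disk image attachment (ISO 9660 magic={'yes' if is_iso else 'no'})")
        if ext == ".zip" or data[:2] == b"PK":
            findings.extend(f"{name}: {f}" for f in inspect_zip(data))
        if ext in SCRIPT_EXTS:
            findings.append(f"{name}: bare script attachment")
    return findings


def build_sample_message():
    """Constructed phishing-style message: a ZIP-wrapped script plus a minimal ISO header."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please review the attached invoice.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// constructed placeholder, not a real dropper\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    iso = bytearray(ISO_MAGIC_OFFSET + 5)   # only the volume-descriptor signature
    iso[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] = ISO_MAGIC
    msg.add_attachment(bytes(iso), maintype="application", subtype="octet-stream",
                       filename="invoice.iso")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print(finding)
```

An encrypted ZIP member is reported rather than silently passed: the archive cannot be inspected at the gateway, so the safe policy is to quarantine it, not to assume it is clean.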

Targeted systems

Windows

Variants

Unknown

Overview

StrelaStealer is an evolving infostealer designed to harvest email credentials from popular email clients. Once a host is compromised and the credentials are exfiltrated, the attacker gains unauthorized access to the victim's email account, which can be used for further malicious activity. Since its emergence in 2022, the threat actor behind StrelaStealer has run numerous large-scale email campaigns, continually updating the malware and its delivery methods to evade security controls.

Targets

Since the malware first emerged, the threat actor behind StrelaStealer has launched multiple large-scale email campaigns, typically across the EU and the U.S. Recent campaigns appear to target organizations across many industries, with the high-tech sector being the largest target.

Techniques Used

DISCOVERY
  • Software Discovery (T1518) – Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment.
  • File and Directory Discovery (T1083) – Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
  • Query Registry (T1012) – Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
  • System Information Discovery (T1082) – Adversaries may attempt to get detailed information about a device's operating system and hardware, including versions, patches, and architecture.
EXECUTION
  • Windows Command Shell (T1059.003) – Adversaries may abuse the Windows command shell for execution. The Windows command shell (cmd) is the primary command prompt on Windows systems.
  • JavaScript (T1059.007) – Adversaries may abuse various implementations of JavaScript for execution. JavaScript is a platform-independent scripting language commonly associated with scripts in web pages, though it can also be executed in runtime environments outside the browser, such as the Windows Script Host.
DEFENSE EVASION
  • Obfuscated Files or Information (T1027) – Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit.
  • Rundll32 (T1218.011) – Adversaries may abuse rundll32.exe to proxy execution of malicious code. Running a DLL through rundll32.exe instead of executing it directly may avoid triggering security tools that do not monitor rundll32.exe because of allowlists or false positives from normal operations.
  • Deobfuscate/Decode Files or Information (T1140) – Adversaries may use obfuscated files or information to hide artifacts of an intrusion from analysis, and then decode or deobfuscate that content on the host before it is used.
  • Debugger Evasion (T1622) – Adversaries may employ various means to detect and avoid debuggers.
INITIAL ACCESS
  • Spearphishing Attachment (T1566.001) – Adversaries may send spearphishing emails with a malicious attachment in an attempt to gain access to victim systems.
COLLECTION
  • Archive Collected Data (T1560) – An adversary may compress and/or encrypt data that is collected prior to exfiltration.
  • Automated Collection (T1119) – Once established within a system or network, an adversary may use automated techniques for collecting internal data.
  • Data from Local System (T1005) – Adversaries may search local system sources, such as file systems, configuration files or local databases, to find files of interest and sensitive data prior to exfiltration.
  • Email Collection (T1114) – Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries.
EXFILTRATION
  • Exfiltration Over C2 Channel (T1041) – Adversaries may steal data by exfiltrating it over an existing command and control channel.
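
As an added example (not the page's own material and not the malware's code), the detector below turns the JavaScript -> Windows Command Shell -> Rundll32 execution chain from the list above into a rule over Sysmon-style process-creation events, written in Python so it runs offline. The events, process GUIDs, file paths and the export name `Entry` are constructed sample data; the user-writable path markers and the two-signal alert threshold are assumptions to tune locally.

```python
"""
Added example (not from the page or the malware's authors): detect rundll32
launches whose lineage contains a Windows Script Host process, or whose DLL
comes from a user-writable path, over constructed Sysmon event ID 1 records.
"""
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: path fragments that mark user-writable locations on this estate.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# Constructed sample telemetry (field names follow Sysmon event ID 1).
SAMPLE_EVENTS = [
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0",
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessGuid": "g2", "ParentProcessGuid": "g1",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\bob\AppData\Local\Temp\Temp1_invoice.zip\invoice.js"'},
    {"ProcessGuid": "g3", "ParentProcessGuid": "g2",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\bob\AppData\Local\Temp\stage.bat"'},
    {"ProcessGuid": "g4", "ParentProcessGuid": "g3",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe "C:\Users\bob\AppData\Local\Temp\update.dll",Entry'},
    # Benign: a Control Panel applet launched from the shell.
    {"ProcessGuid": "g5", "ParentProcessGuid": "g1",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    # Noisy but benign: a vendor component under AppData with no script-host lineage.
    {"ProcessGuid": "g6", "ParentProcessGuid": "g1",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe "C:\Users\bob\AppData\Local\Vendor\helper.dll",Update'},
]


def _tokens(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    toks, cur, in_quote = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if cur:
                toks.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        toks.append("".join(cur))
    return toks


def _base(path):
    return ntpath.basename(path).lower()


def rundll32_target(cmdline):
    """Return (dll_path, export) for a rundll32 command line, else None."""
    toks = _tokens(cmdline)
    if len(toks) < 2 or _base(toks[0]) not in {"rundll32.exe", "rundll32"}:
        return None
    dll, _, export = toks[1].partition(",")
    if not export and len(toks) > 2 and toks[2].startswith(","):
        export = toks[2][1:]  # "x.dll ,Export" spacing variant
    return dll, export


def ancestors(event, by_guid, max_depth=5):
    """Walk ParentProcessGuid links upward; returns nearest ancestor first."""
    chain, cur = [], event
    for _ in range(max_depth):
        cur = by_guid.get(cur.get("ParentProcessGuid"))
        if cur is None:
            break
        chain.append(cur)
    return chain


def detect(events):
    """One alert per rundll32 launch that trips at least two heuristics."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    alerts = []
    for e in events:
        if _base(e["Image"]) != "rundll32.exe":
            continue
        target = rundll32_target(e["CommandLine"])
        if target is None:
            continue
        dll, export = target
        lineage = [_base(a["Image"]) for a in ancestors(e, by_guid)]
        reasons = []
        if any(img in SCRIPT_HOSTS for img in lineage):
            reasons.append("script host in lineage (JavaScript -> cmd -> rundll32)")
        if any(m in dll.lower() for m in USER_WRITABLE):
            reasons.append("DLL loaded from user-writable path")
        if ntpath.splitext(dll)[1].lower() != ".dll":
            reasons.append("rundll32 target without .dll extension")
        # Requiring two signals keeps single-signal noise (vendor updaters under
        # AppData, Control Panel applets) out of the alert queue.
        if len(reasons) >= 2:
            alerts.append({"guid": e["ProcessGuid"], "dll": dll, "export": export,
                           "lineage": lineage, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The lineage walk is what catches the chain: rundll32's immediate parent is cmd.exe, which looks ordinary on its own, and the script host only appears one level higher. Walking ParentProcessGuid rather than matching ParentImage alone is therefore the part worth keeping when porting this to a SIEM query.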

Significant Malware Campaigns

  • StrelaStealer Aims for European Nations. (April 2024)
  • StrelaStealer malware steals email login data from well-known email clients. (March 2024)
  • Strela malware landed in Italy. (May 2023)
  • StrelaStealer, an infostealer first seen in 2022, is known to target Spanish users specifically. (May 2023)
  • ASEC analysis team confirms that StrelaStealer Infostealer is being distributed to Spanish users. (May 2023)
  • StrelaStealer is actively stealing email account credentials from Outlook and Thunderbird. (November 2022)