Strela Stealer Targets Europe Stealthily Via WebDav

· Published 30/10/2024 21:45 · Modified 30/10/2024 22:31

Essential information

Tags
2024-10-30, dll file, infostealer, javascript code, phishing, powershell, strela, webdav, webdav server, zip file
Related entities
103 observables, 14 techniques (mitre), 1 malware, 7 others

Description

Strela Stealer, first identified by DCSO in late 2022, is information-stealing malware primarily designed to exfiltrate email account credentials from widely used email clients, including Microsoft Outlook and Mozilla Thunderbird. It initially targeted Spanish-speaking users through spam email campaigns containing malicious ISO attachments, which included a .lnk file and a polyglot file. When executed, the .lnk file triggered the polyglot file, executing both the lure HTML and the stealer DLL using “rundll32.exe”.

External references