A Deep Dive into Strela Stealer and how it Targets European Countries

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

Strela Stealer is an infostealer targeting email clients in specific European countries. It exfiltrates login credentials from Mozilla Thunderbird and Microsoft Outlook. The malware is delivered through phishing campaigns, primarily affecting Spain, Italy, Germany, and Ukraine. Recent campaigns involve forwarding legitimate emails with malicious attachments. Strela Stealer employs custom obfuscation techniques and code-flow flattening to complicate analysis. The malware verifies the system's locale before executing, targeting specific language regions. It searches for email client profile data, encrypts it, and exfiltrates it to a command-and-control server. The infrastructure used by Strela Stealer is linked to Russian bulletproof hosting providers, suggesting potential ties to Russian threat actors.

OPENCTI LABELS:

phishing, infostealer, obfuscation, stellar loader, strela stealer

