
A Deep Dive into Strela Stealer and how it Targets European Countries

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Strela Stealer, an infostealer targeting email clients in specific European countries, has been active since late 2022. It focuses on exfiltrating credentials from Mozilla Thunderbird and Microsoft Outlook. The malware is delivered through phishing campaigns, primarily targeting Spain, Italy, Germany, and Ukraine. Recent attacks involve forwarding legitimate emails with malicious attachments. Strela Stealer employs multi-layer obfuscation and code-flow flattening to complicate analysis. The malware verifies the system's locale before executing, targeting specific German-speaking countries. It searches for email client profile data, encrypts it, and exfiltrates it to a command-and-control server. The infrastructure is linked to Russian bulletproof hosting providers, suggesting potential ties to Russian threat actors.

OPENCTI LABELS:

phishing, infostealer, stellar loader, strela stealer, locale-verification

