Security Articles

A Deep Dive into Strela Stealer and how it Targets European Countries

released on 2025-03-11 @ 02:16:47 PM
Strela Stealer is an infostealer targeting email clients in specific European countries. It exfiltrates login credentials from Mozilla Thunderbird and Microsoft Outlook. The malware is delivered through phishing campaigns, primarily affecting Spain, Italy, Germany, and Ukraine. Recent campaigns involve forwarding legitimate emails with malicious attachments. Strela Stealer employs custom obfuscation techniques and code-flow flattening to complicate analysis. The malware verifies the system's locale before executing, targeting specific language regions. It searches for email client profile data, encrypts it, and exfiltrates it to a command-and-control server. The infrastructure used by Strela Stealer is linked to Russian bulletproof hosting providers, suggesting potential ties to Russian threat actors.