New StrelaStealer Malware Steals Your Outlook, Thunderbird Accounts

It is highly recommended to implement and maintain good email security controls, such as AV scanning and sandboxing, to help prevent phishing emails from being delivered to end users. Since the vast majority of malware is delivered via phishing email, this step alone can stop a large number of malware campaigns from successfully infecting an organization. It is also recommended to block potentially suspicious attachment file types, such as ISO, on any email originating from outside the organization. Since Windows 8, an ISO attachment mounts as a new drive letter when the user double-clicks it, which is why it is a convenient container for an LNK and its payload. Blocking the file type can keep the phishing email from being delivered at all or, at the very least, strip the malicious attachment from it.

It is also recommended to implement and maintain good endpoint security controls, such as EDR, on all systems within the organization. While it can be difficult to prevent or detect an information stealer carrying out its limited set of functions (here, reading the credentials stored by the mail client), the infection chain exhibits other behaviors that should be considered suspicious: an LNK file executed from an ISO or other mounted drive, a cmd.exe process launching rundll32.exe with a module that does not carry a normal DLL file extension, and a rundll32.exe process making outbound network connections to suspicious IP addresses. Each of these can be detected and alerted upon. Binary Defense's Managed Detection and Response service is an excellent asset to assist with these types of detection needs.
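The two controls above, the external-mail attachment blocklist and the three endpoint detection rules, written out as an added example. This is not code from Binary Defense, DCSO or BleepingComputer, and nothing in it is an indicator from the real campaign: the internal mail domain corp.example, the blocked extensions, the internal IP ranges, the blocklisted address 203.0.113.7 and every file name and event below are constructed for the example. The events mimic Sysmon Event ID 1 (process create) and Event ID 3 (network connect) fields; the first rule assumes that an LNK opened from a mounted ISO shows up as explorer.exe spawning a shell whose working directory is on a non-system drive letter.

```python
import ipaddress
import ntpath
import re
from email.message import EmailMessage
from email.utils import parseaddr

# --- 1. mail gateway attachment policy (assumed org settings) ------------------
INTERNAL_DOMAINS = {"corp.example"}                                  # assumed internal domain
BLOCKED_ATTACHMENT_EXT = {".iso", ".img", ".vhd", ".vhdx", ".lnk"}   # assumed blocklist


def blocked_attachments(msg: EmailMessage) -> list[str]:
    """Return the attachment filenames policy would strip from mail sent from outside the org."""
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain in INTERNAL_DOMAINS:
        return []                                   # rule applies to external senders only
    hits = []
    for part in msg.iter_attachments():             # only parts with Content-Disposition: attachment
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in BLOCKED_ATTACHMENT_EXT):
            hits.append(name)
    return hits


def make_mail(sender: str, attachment_name: str) -> EmailMessage:
    """Build a constructed sample message with one binary attachment (test data, not a real sample)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Invoice"
    msg.set_content("please see attached")
    msg.add_attachment(b"\x00" * 32, maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg


# --- 2. endpoint rules over Sysmon-style events --------------------------------
SYSTEM_DRIVE = "C:"
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]  # assumed
SUSPICIOUS_IPS = {"203.0.113.7"}                    # constructed blocklist (TEST-NET address)
# first argument after rundll32[.exe]: either a quoted path or a bare token, up to the ',' entry point
RUNDLL_MODULE = re.compile(r'rundll32(?:\.exe)?"?\s+(?:"([^",]+)"|([^\s,]+))', re.IGNORECASE)


def detect(events: list[dict]) -> list[tuple[str, str]]:
    """Run the three rules from the write-up over a list of events; return (rule, detail) alerts."""
    alerts = []
    for ev in events:
        image = ntpath.basename(ev.get("Image", "")).lower()
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        if ev["EventID"] == 1:
            # Rule 1: explorer.exe launching a shell whose working directory is on a drive
            # letter other than the system drive (assumption: that is how an LNK double-clicked
            # inside a mounted ISO appears, since the ISO gets its own drive letter).
            cwd = ev.get("CurrentDirectory", "")
            if (parent == "explorer.exe" and image in SHELLS
                    and re.match(r"[A-Z]:", cwd, re.IGNORECASE)
                    and not cwd.upper().startswith(SYSTEM_DRIVE)):
                alerts.append(("lnk_from_mounted_drive", cwd))
            # Rule 2: cmd.exe -> rundll32.exe whose module argument is not a .dll
            # (a missing or unparseable module is treated as abnormal too).
            if parent == "cmd.exe" and image == "rundll32.exe":
                m = RUNDLL_MODULE.search(ev.get("CommandLine", ""))
                module = (m.group(1) or m.group(2)) if m else ""
                if ntpath.splitext(module)[1].lower() != ".dll":
                    alerts.append(("rundll32_abnormal_module", module))
        elif ev["EventID"] == 3 and image == "rundll32.exe":
            # Rule 3: rundll32.exe connecting outside the internal ranges; escalate on the blocklist
            dst = ipaddress.ip_address(ev["DestinationIp"])
            if not any(dst in net for net in INTERNAL_RANGES):
                severity = "high" if str(dst) in SUSPICIOUS_IPS else "medium"
                alerts.append((f"rundll32_outbound_{severity}", str(dst)))
    return alerts


# Constructed events: one benign rundll32 use, then a chain shaped like the one in the write-up.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CurrentDirectory": "C:\\Users\\alice",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CurrentDirectory": "E:\\",
     "CommandLine": r"cmd.exe /c rundll32.exe E:\invoice.html,Entry"},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "CurrentDirectory": "E:\\",
     "CommandLine": r"rundll32.exe E:\invoice.html,Entry"},
    {"EventID": 3, "Image": r"C:\Windows\System32\rundll32.exe", "DestinationIp": "203.0.113.7"},
    {"EventID": 3, "Image": r"C:\Windows\System32\rundll32.exe", "DestinationIp": "10.1.2.3"},
]

if __name__ == "__main__":
    print(blocked_attachments(make_mail("billing@vendor.example", "Invoice.iso")))
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"ALERT {rule}: {detail}")
```

The benign first event and the internal-range connection produce no alerts, while the constructed chain raises all three rules; in production, rule 3 alone will fire on legitimate rundll32.exe activity, so it is best treated as a correlation signal alongside rules 1 and 2 rather than a stand-alone page.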

https://www.bleepingcomputer.com/news/security/new-strelastealer-malware-steals-your-outlook-thunderbird-accounts/

https://medium.com/@DCSO_CyTec/shortandmalicious-strelastealer-aims-for-mail-credentials-a4c3e78c8abc