General

Target: Exela-Grabber.exe
Size: 10.8MB
Sample: 240428-kddf8abh7v
MD5: ea71a1060ef6d60ede1f308d6f7636c9
SHA1: 2d3f99f2b42b4fb256d0fecc84c9dcb28142605d
SHA256: b859162f97b3b09bc9a7e45a88f8558a1afaecbf592048eb1e4e77fffd0386af
SHA512: a7e0279eb6e18a3088a95d24e4ce2c5905574c9f926816cc08e6520bead865371572f52cd38d67ee65818a407a19bfebf634d15c6d44d5c81fb2d73012a61f86
SSDEEP: 196608:ghUhNs2lPAWlz2Jp5UfLuseNvX+wfm/pf+xfdkR1ZWKsnqrIWOzW0DaqkH:NNs2CWh2Jp5MivX+9/pWFGRnBsnqrIWV
Behavioral tasks

behavioral1: Exela-Grabber.exe on win7-20240221-en
behavioral2: Exela-Grabber.exe on win10v2004-20240226-en
behavioral3: Exela-Grabber.exe on win11-20240419-en
Malware Config

Targets

Target: Exela-Grabber.exe
Score: 9/10

Signatures
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
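The four signatures above are the kind of behaviour a SOC can match against endpoint telemetry without any sample-specific indicator. The following is an added detection example written for this page; it is not code from Triage or from the sample's author. All events are constructed in the shape of Sysmon process-create, image-load and DNS-query records, the IP-lookup host list is an assumption (the report does not name which service the sample contacted), and the process names and paths are illustrative only.

```python
"""
Match the behaviours this sandbox report flags (net.exe privilege change,
Windows Firewall modification, dropped-DLL load, external IP lookup) against
process-creation, image-load and DNS telemetry, and attribute each hit to the
root process that started the tree.

Added example; every event below is constructed and the lookup-host list is an
assumption, not an indicator taken from the report.
"""
import ntpath
from collections import defaultdict

# Assumed examples of public IP-echo services; not the sample's own IOCs.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me"}

# Directories an unprivileged user can write to; a DLL loaded from one of these
# by a newly started executable is the generic "loads dropped DLL" pattern.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\")

# Constructed telemetry (not real logs): pid/ppid links let us attribute the
# net.exe -> net1.exe chain and the netsh call back to the dropper.
PROCESSES = [
    {"pid": 1001, "ppid": 800, "image": r"C:\Users\victim\Downloads\Exela-Grabber.exe",
     "cmdline": r'"C:\Users\victim\Downloads\Exela-Grabber.exe"'},
    {"pid": 1002, "ppid": 1001, "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net localgroup administrators victim /add"},
    {"pid": 1003, "ppid": 1002, "image": r"C:\Windows\System32\net1.exe",
     "cmdline": r"C:\Windows\system32\net1 localgroup administrators victim /add"},
    {"pid": 1004, "ppid": 1001, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="Updater" dir=in '
                'action=allow program="C:\\Users\\victim\\Downloads\\Exela-Grabber.exe"'},
    {"pid": 1005, "ppid": 800, "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net use"},  # benign net.exe usage: must not fire
]
IMAGE_LOADS = [
    {"pid": 1001, "image_loaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"pid": 1001, "image_loaded": r"C:\Windows\System32\ws2_32.dll"},  # system DLL: ignore
]
DNS_QUERIES = [
    {"pid": 1001, "query": "api.ipify.org"},
    {"pid": 800, "query": "ctldl.windowsupdate.com"},  # benign lookup: ignore
]


def _tokens(cmdline):
    # Whitespace split is enough for keyword matching on net/netsh arguments.
    return [t.strip('"').lower() for t in cmdline.split()]


def is_admin_grant(proc):
    """net.exe or its worker net1.exe adding an account to local Administrators."""
    exe = ntpath.basename(proc["image"]).lower()
    if exe not in ("net.exe", "net1.exe"):
        return False
    toks = _tokens(proc["cmdline"])
    return "localgroup" in toks and "administrators" in toks and "/add" in toks


def is_firewall_change(proc):
    """netsh adding, changing or deleting a Windows Firewall rule or setting."""
    if ntpath.basename(proc["image"]).lower() != "netsh.exe":
        return False
    toks = _tokens(proc["cmdline"])
    return ("firewall" in toks or "advfirewall" in toks) and bool({"add", "set", "delete"} & set(toks))


def is_dropped_dll_load(load):
    path = load["image_loaded"].lower()
    return path.endswith(".dll") and any(d in path for d in USER_WRITABLE)


def is_ip_lookup(dns):
    return dns["query"].lower().rstrip(".") in IP_LOOKUP_HOSTS


def root_process(pid, parents, known):
    """Follow ppid links up to the first process we have no record for."""
    while parents.get(pid) in known:
        pid = parents[pid]
    return pid


def triage(processes=PROCESSES, image_loads=IMAGE_LOADS, dns_queries=DNS_QUERIES):
    """Return {root_pid: sorted behaviour names} for every process tree with a hit."""
    known = {p["pid"] for p in processes}
    parents = {p["pid"]: p["ppid"] for p in processes}
    hits = defaultdict(set)
    for p in processes:
        if is_admin_grant(p):
            hits[root_process(p["pid"], parents, known)].add("grants_admin_privileges")
        if is_firewall_change(p):
            hits[root_process(p["pid"], parents, known)].add("modifies_windows_firewall")
    for load in image_loads:
        if is_dropped_dll_load(load):
            hits[root_process(load["pid"], parents, known)].add("loads_dropped_dll")
    for dns in dns_queries:
        if is_ip_lookup(dns):
            hits[root_process(dns["pid"], parents, known)].add("external_ip_lookup")
    return {pid: sorted(b) for pid, b in hits.items()}


def verdict(findings, threshold=3):
    """Simple combination score: several distinct behaviours under one root is 'high'."""
    return {pid: ("high" if len(b) >= threshold else "medium") for pid, b in findings.items()}


if __name__ == "__main__":
    found = triage()
    for pid, behaviours in found.items():
        print(pid, verdict(found)[pid], ", ".join(behaviours))
```

Attributing each hit to the root of the process tree is what makes the combination meaningful: any one of these behaviours occurs in legitimate administration, but an executable launched from a user's Downloads folder that adds an account to Administrators, opens a firewall rule for itself, loads a DLL from a temp directory and asks a public service for its external IP is a much stronger signal than the four events judged in isolation.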