Resubmissions
25-05-2024 18:31
240525-w59vaade9y
Score 10
General
Target: trace_protected.exe
Size: 12.0MB
Sample: 240525-w59vaade9y
MD5: c9bbc652ba5abb81c021314168bfda80
SHA1: 5d612d6e76b906f86e8421af9d48c8197de7cafa
SHA256: b9dbc7f27a96478d340e44c2dc822ea78408f37c3eabc2ad594bfd947fb2693c
SHA512: 74967c9bcebcd61dfe29cb5a18125028b6d6deadd6de278134fdd4022fccf9e4f182dbef9db508f528063db5c3fa7ce3bea7f5f45aef9e736a0cb3b8d2d8dddb
SSDEEP: 196608:Ah4VX3PJpjjnuXJWIj8KkUx2R4NzZDfyGgywBdnpkYRM+2SENO:hPsJWQsUcR4NzZDfDgyc6I4
Behavioral task: behavioral1
Sample: trace_protected.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Score: 10/10
- Exela Stealer: Exela Stealer is an open-source stealer, first observed in August 2023, that was originally written in .NET and later ported to Python.
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Account Manipulation (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)