General
- Target: mass_report_script.exe
- Size: 24.8MB
- Sample: 240528-n6e3ascc58
- MD5: 0a3dc00e485234149ddb7faac2e32889
- SHA1: dc911b14a639e139dae9f58e9e89c9f1a79e11af
- SHA256: b78a86254b0752ed6cf71762e076d66209521ab81544bddac07129ae11a6ab3d
- SHA512: 6d0130c1104a0e01fe82aaca0ddfa6c015cc9749944d1cf544b567707e7d762a99af05ba327e07c11730b2e1be7408a3ff307b681106580bc004051b9efa123e
- SSDEEP: 393216:7PjV5L1V8dvvX+9/pWFGRiBsnOrIWeRaDH:7PjLROvX+9/pWHGhRq
Behavioral tasks
- behavioral1: Sample mass_report_script.exe, Resource win7-20240419-en
- behavioral2: Sample mass_report_script.exe, Resource win10v2004-20240508-en
- behavioral3: Sample Stub.pyc, Resource win7-20240221-en
- behavioral4: Sample Stub.pyc, Resource win10v2004-20240508-en
Malware Config
Targets
- Target: mass_report_script.exe
  - Size: 24.8MB
  - MD5: 0a3dc00e485234149ddb7faac2e32889
  - SHA1: dc911b14a639e139dae9f58e9e89c9f1a79e11af
  - SHA256: b78a86254b0752ed6cf71762e076d66209521ab81544bddac07129ae11a6ab3d
  - SHA512: 6d0130c1104a0e01fe82aaca0ddfa6c015cc9749944d1cf544b567707e7d762a99af05ba327e07c11730b2e1be7408a3ff307b681106580bc004051b9efa123e
  - SSDEEP: 393216:7PjV5L1V8dvvX+9/pWFGRiBsnOrIWeRaDH:7PjLROvX+9/pWHGhRq
  - Exela Stealer: Exela Stealer is an open-source stealer, originally written in .NET and later transitioned to Python, that was first observed in August 2023.
  - Grants admin privileges: Uses net.exe to modify the user's privileges.
  - Modifies Windows Firewall
  - Loads dropped DLL
  - Adds Run key to start application
  - Legitimate hosting services abused for malware hosting/C2
  - Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Target: Stub.pyc
  - Size: 876KB
  - MD5: 9fbdec4dae910fe824e2a687cd880232
  - SHA1: 8b462b769e74de90f8b4a4eeef434fbf9e552b71
  - SHA256: d1f14d6147531a91456f7a849b3c05f83ce2df8d5f49e464eb2ab29f243431d3
  - SHA512: 008522d8fb9400d2aae32c6e3bb43eb3163ef3e2344b2b5cc1c8e5659cf5ba3d2d7c7b3012f7939efba5b9e103206062dc18a5f872398a3148c3e1f6d553a41c
  - SSDEEP: 12288:L4qEsMM56G0XODlk09mDEpIUdJq+gh/1yKLGUt/zjjIpstn5eqSUcKExqo0Bpn:8qfwEDl79mDKwh/1yUtUpsbjzXn
  - Score: 3/10
MITRE ATT&CK Matrix (ATT&CK v13)
- Persistence
  - Account Manipulation (1)
  - Create or Modify System Process (1): Windows Service (1)
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Privilege Escalation
  - Create or Modify System Process (1): Windows Service (1)
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)