Overview

overview

10

Static

static

3

Electron V...V3.exe

windows7-x64

7

Electron V...V3.exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Electron_V3.rar

  • Size

    9.2MB

  • Sample

    240610-vyjtvavarr

  • MD5

    57c67a45d8337a6e28a4a76d41428137

  • SHA1

    a2d30fb658e0e22db2b7589a3f57600f890d49df

  • SHA256

    00a1d4c5aed5320d9d225b4f23b567dec0b6a208ae0114150f6d8209be2fd252

  • SHA512

    6826c8ab3d02a30cf37270d23cf5375beed38a1a19ec8334084a5cbbac0b6c4b81cfb39a5fcb94929743784df08cce012a6000808f314694bf9ffc0d7824c42b

  • SSDEEP

    196608:z3j0MFirWtc9Espk4nM4x1afRMZii+fgW7nLyhz7hn2rRyozEB6OLlkrXJc:z3rVYEspzx14Rs+fgWShXh2rkozIPLlL

Score
10/10
exelastealerevasionpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      Electron V3/ElectronV3.exe

    • Size

      24.3MB

    • MD5

      e891973adb4e3a6edc9738b84e382be1

    • SHA1

      bab0eb519e90590a96599a52d14acf9041bcad2e

    • SHA256

      0e3daf09ae8042d432ce7aff2544762024590ac89bd6753f27fbf9fdce478b7f

    • SHA512

      4db3ac8856479698ab9513576d008d54f111355f437299f3b7254d8e70db5228e2d9f3cd7318c578f27009493539663c56a889647bb1de9c35ebb2e7c71713f9

    • SSDEEP

      196608:tO6xCmDAJediqShxWTMRHvUWvo3hxjno/w3iFCxHQbRpXpPr+5Py:cmShATMRHdgxro/w3uCxHQbZPY

    Score
    10/10
    upxexelastealerevasionpyinstallerspywarestealer

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      Stub.pyc

    • Size

      799KB

    • MD5

      b83723d9ba3e5e2b477debe68a742f44

    • SHA1

      95ccea42491d08d975a7f93ce155bc3fd5649555

    • SHA256

      60e8697cfca7d2553b72d866e7e2b606e85148b91f340545ddec23d3fbffcc24

    • SHA512

      1e9c19f28b053274312354dea5feadacbfdc5ca0863f3e920939fd2bd947df5e0c5d320cfeaf4fe295334048c3f3a28607973887fef6a9ab11323d4a310209ae

    • SSDEEP

      12288:fNMfhPLKX/8JW9tZzzYy7JwZEs7Fm5Fr/mWZ71sWS7rnB+xJCRjI6kkZwyyehL:68XWWjZzzBuR+F7RgWSXBAKEk6EL

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks