General
-
Target
ElectronV3.exe
-
Size
24.3MB
-
Sample
240611-lx88nstblm
-
MD5
e891973adb4e3a6edc9738b84e382be1
-
SHA1
bab0eb519e90590a96599a52d14acf9041bcad2e
-
SHA256
0e3daf09ae8042d432ce7aff2544762024590ac89bd6753f27fbf9fdce478b7f
-
SHA512
4db3ac8856479698ab9513576d008d54f111355f437299f3b7254d8e70db5228e2d9f3cd7318c578f27009493539663c56a889647bb1de9c35ebb2e7c71713f9
-
SSDEEP
196608:tO6xCmDAJediqShxWTMRHvUWvo3hxjno/w3iFCxHQbRpXpPr+5Py:cmShATMRHdgxro/w3uCxHQbZPY
Malware Config
Targets
-
-
Target
ElectronV3.exe
-
Size
24.3MB
-
MD5
e891973adb4e3a6edc9738b84e382be1
-
SHA1
bab0eb519e90590a96599a52d14acf9041bcad2e
-
SHA256
0e3daf09ae8042d432ce7aff2544762024590ac89bd6753f27fbf9fdce478b7f
-
SHA512
4db3ac8856479698ab9513576d008d54f111355f437299f3b7254d8e70db5228e2d9f3cd7318c578f27009493539663c56a889647bb1de9c35ebb2e7c71713f9
-
SSDEEP
196608:tO6xCmDAJediqShxWTMRHvUWvo3hxjno/w3iFCxHQbRpXpPr+5Py:cmShATMRHdgxro/w3uCxHQbZPY
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1