Overview

overview

10

Static

static

3

Fivem_cheat.exe

windows10-1703-x64

7

Fivem_cheat.exe

windows10-2004-x64

10

Stub.pyc

windows10-1703-x64

3

Stub.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fivem_cheat.exe

  • Size

    12.1MB

  • Sample

    240611-sgykka1ejb

  • MD5

    53eee25d8c041feb842994cd30346599

  • SHA1

    fc6e08edf9e3c6cce136032326cc8ed1cecff9fe

  • SHA256

    5780f104bb3a6f0c423cf4c296cc08de0254e9da627eddc8fc2740844974ef51

  • SHA512

    49254a4ffb7ff9a266f21390ebcabdafcc46a86f44e2f11c5adc7b68305f5104095eae5200d9c456893cdbc6c83cb220f95a0f6c8c17cc6274b5d57934b7de57

  • SSDEEP

    393216:rQdqyL01+l+uq+Vv2dQJlewF3MnG3xl5OBsnarIWeRaDH:rq/01+l+uqgv2dQT3MGx2GVRq

Score
10/10
exelastealerevasionpyinstallerspywarestealer

Malware Config

Targets

    • Target

      Fivem_cheat.exe

    • Size

      12.1MB

    • MD5

      53eee25d8c041feb842994cd30346599

    • SHA1

      fc6e08edf9e3c6cce136032326cc8ed1cecff9fe

    • SHA256

      5780f104bb3a6f0c423cf4c296cc08de0254e9da627eddc8fc2740844974ef51

    • SHA512

      49254a4ffb7ff9a266f21390ebcabdafcc46a86f44e2f11c5adc7b68305f5104095eae5200d9c456893cdbc6c83cb220f95a0f6c8c17cc6274b5d57934b7de57

    • SSDEEP

      393216:rQdqyL01+l+uq+Vv2dQJlewF3MnG3xl5OBsnarIWeRaDH:rq/01+l+uqgv2dQT3MGx2GVRq

    Score
    10/10
    exelastealerevasionpyinstallerspywarestealer

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      Stub.pyc

    • Size

      198KB

    • MD5

      9c2cf95223bab098446b35f0fee344d8

    • SHA1

      174ec8cc8e45147f338afe9beeb7fed9bc441447

    • SHA256

      8aca7e89f3bd8b18baa035f687f6f6b4cb5bf88da347152849d305d55c413597

    • SHA512

      cd954a3b66cdbf66292550e9049a5b30b9d1d6d93e6fbad62c029fe612bc6329be4766d5ab6bd9eb366f71df48315870e6c60f9ca29b54c1c7f7da9aa251f472

    • SSDEEP

      6144:DeYPhrY7CTpZNhKYhYYYYY9YYUqbGSTgPm:WspLSbGSkm

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks