General
-
Target
ElectronV3.exe
-
Size
15.9MB
-
Sample
240611-zcrd1s1bkb
-
MD5
bd6837c82f934d35cc491c6782b5eca9
-
SHA1
04dc587988b1ec2410b13ce0bfd6609148d025e2
-
SHA256
8a7b9383fe5aa95d526afc2719beb5c82b78233acb1805a94b7eca0485065df5
-
SHA512
7df88dcf00270cfa7e600a3ba46010608f2f37c432e26df9431d213ffec54a4c06d5f1e49d1e17d7d5b069663ec4b1904347c0af772ce73974f5986f35113bf7
-
SSDEEP
393216:MR1uxEftIX4XfMbYcp9a0gLmCZb0qIzrlBpGt7G/MvNbFeDlC:QoEfmXWMdp9a0qrb0qkrLeyC
Malware Config
Targets
-
-
Target
ElectronV3.exe
-
Size
15.9MB
-
MD5
bd6837c82f934d35cc491c6782b5eca9
-
SHA1
04dc587988b1ec2410b13ce0bfd6609148d025e2
-
SHA256
8a7b9383fe5aa95d526afc2719beb5c82b78233acb1805a94b7eca0485065df5
-
SHA512
7df88dcf00270cfa7e600a3ba46010608f2f37c432e26df9431d213ffec54a4c06d5f1e49d1e17d7d5b069663ec4b1904347c0af772ce73974f5986f35113bf7
-
SSDEEP
393216:MR1uxEftIX4XfMbYcp9a0gLmCZb0qIzrlBpGt7G/MvNbFeDlC:QoEfmXWMdp9a0qrb0qkrLeyC
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1