Overview

overview

10

Static

static

3

solus.exe

windows7-x64

7

solus.exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    solus.exe

  • Size

    10.9MB

  • Sample

    240614-g3dxhasarp

  • MD5

    af73ea8cc8f06da1e59851205e34d589

  • SHA1

    5e902505b260fcd3c1625cd302624ae274f4cf3c

  • SHA256

    ce9e58f4dccb3a706feb5596d823f7fc560e314b10d71d3ecba1bb26ef3fbb6f

  • SHA512

    e74484b3b8900fd60c875a956667064f8d614282a10d7b6d33ac03face0f2262457f756d9ea74bf85729b64cbbf42ad868842ffe2059d1175ba983afae8d439b

  • SSDEEP

    196608:DhlCCyPA4mtSHeNvX+wfm/pf+xfdkRhZWKsnarIWOzW0DaqhH:b/vtSUvX+9/pWFGRDBsnarIWeRa2H

Score
10/10
exelastealerevasionpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      solus.exe

    • Size

      10.9MB

    • MD5

      af73ea8cc8f06da1e59851205e34d589

    • SHA1

      5e902505b260fcd3c1625cd302624ae274f4cf3c

    • SHA256

      ce9e58f4dccb3a706feb5596d823f7fc560e314b10d71d3ecba1bb26ef3fbb6f

    • SHA512

      e74484b3b8900fd60c875a956667064f8d614282a10d7b6d33ac03face0f2262457f756d9ea74bf85729b64cbbf42ad868842ffe2059d1175ba983afae8d439b

    • SSDEEP

      196608:DhlCCyPA4mtSHeNvX+wfm/pf+xfdkRhZWKsnarIWOzW0DaqhH:b/vtSUvX+9/pWFGRDBsnarIWeRa2H

    Score
    10/10
    upxexelastealerevasionspywarestealer

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      Stub.pyc

    • Size

      874KB

    • MD5

      f9369c0d943787d8d24ad6e60d338ece

    • SHA1

      f0f1d82b2c8f817f85630a1aafa9613d761d1f8a

    • SHA256

      1c10921d6f3272516f6d78dd4827d65e7fcc78210c84f31b13ee6c2d8b80cff3

    • SHA512

      7653577098f7b0a241e3d28bd160445b0ae49576217233eb0847d3ff474b63e03f63b9c68f0f620e4656623dae8f21e4a4bcab9d1c5325cf5461b313d54546d4

    • SSDEEP

      12288:SNMzgcDJP6+QPSQus/ukmLSdItqQXbbbqOESR1Gw3J/ZU926rfUbj7UXR5n2:SNMbPaSxJ3XXLPHGyegIfPB5n2

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks