General

Target: Gambler-AI.exe
Size: 24.7MB
Sample: 240615-3cjkysyfpf
MD5: c420b385e0ce173ecbffc7df90f0fa9b
SHA1: fc924e44b47fb95368d32738b39d29165eff31a2
SHA256: 9229117216317e7dcc00258d0f6dafedd23e33b4837ad0bfee498ac4e1372e97
SHA512: 6af111a1f0da027d36103f850b2c504bfef729ed8e679ff46c4a6bbe9516798ee7df02696fa063f25f1c0a9f6378c84411e06548fb1991577d089f91b7ec704d
SSDEEP: 196608:3hCXpentNSSwLRXgWPmpzdhqiyDOlbJlpZstQoS9Hf1BKXEymH3bS7C:ta5L1V8dm0xGt7G/Dym
Behavioral task

behavioral1
Sample: Gambler-AI.exe
Resource: win11-20240419-en
Malware Config

Targets

Target: Gambler-AI.exe
Score: 10/10
Signatures

- Exela Stealer: an open-source stealer, originally written in .NET and later transitioned to Python, first observed in August 2023.
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15

Persistence
- Account Manipulation (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Account Manipulation (1)
- Create or Modify System Process (1)
  - Windows Service (1)