Overview

overview

10

Static

static

3

Electron_V3.rar

windows7-x64

7

Electron_V3.rar

windows10-2004-x64

3

Electron V...V3.exe

windows7-x64

7

Electron V...V3.exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Electron V...ee.txt

windows7-x64

1

Electron V...ee.txt

windows10-2004-x64

1

Electron V...ld.txt

windows7-x64

1

Electron V...ld.txt

windows10-2004-x64

1

Electron V..._FE.iy

windows7-x64

3

Electron V..._FE.iy

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Electron_V3.rar

  • Size

    9.2MB

  • Sample

    240616-dhpaysxaqa

  • MD5

    fbe283fc15dc57ad0f25d72dedb8a5b9

  • SHA1

    beb76515f083d88672b823f3e2ef9b836454a557

  • SHA256

    ad55d24fac5d5589bf1736d5e6c91382588c5b033028221d043ee348a1530351

  • SHA512

    cea048ea437ee03a99ec3b8845bd8b9c08ffef1d37267ad691ed0b1825f9540a1395debcd9ec5c306f9f22e372feb876e77a418b524d0b41d8e08b2da7cc8223

  • SSDEEP

    196608:our/N03RNWweQm1VNd4i+8ti++GKEJ6LS2cerBvRJIsRi:1rALWweQInd4hZ++GKEJb2pvXIsk

Score
10/10
exelastealerevasionpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      Electron_V3.rar

    • Size

      9.2MB

    • MD5

      fbe283fc15dc57ad0f25d72dedb8a5b9

    • SHA1

      beb76515f083d88672b823f3e2ef9b836454a557

    • SHA256

      ad55d24fac5d5589bf1736d5e6c91382588c5b033028221d043ee348a1530351

    • SHA512

      cea048ea437ee03a99ec3b8845bd8b9c08ffef1d37267ad691ed0b1825f9540a1395debcd9ec5c306f9f22e372feb876e77a418b524d0b41d8e08b2da7cc8223

    • SSDEEP

      196608:our/N03RNWweQm1VNd4i+8ti++GKEJ6LS2cerBvRJIsRi:1rALWweQInd4hZ++GKEJb2pvXIsk

    Score
    7/10
    pyinstallerupx

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      Electron V3/ElectronV3.exe

    • Size

      19.3MB

    • MD5

      6c58afddbf1cfb6508ae8850cce5ff83

    • SHA1

      e65d692de987d61b8e0da027ebba7fedce36388a

    • SHA256

      d969b54cbe96cf4b85769e4786950fc1ed1efcc089ae52d95f7d2e2b40fb5528

    • SHA512

      4bd32e870ea38c8af1d6bc3ee3cf09c242eb5537cd69f225a6da057abf0260d08807b035648f594a6d29c407e4b6948d6478aa41244ba40a0044ccb560b0e84c

    • SSDEEP

      196608:J5MCxCmDAJediqShxWTMRHvUWvo3hxjno/w3iFCxHQbRpXTgK/P/d:MOShATMRHdgxro/w3uCxHQbDgGN

    Score
    10/10
    upxexelastealerevasionpyinstallerspywarestealer

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3behavioral4

    • Target

      Stub.pyc

    • Size

      799KB

    • MD5

      3dd11a422a85bf21991c91cc4ebc86f3

    • SHA1

      a284a45d149a08651b3a8aa6d4ef5a681ec18a84

    • SHA256

      2e68cc2129614db2298407b65ec3cf66737dbf2000930892b1ce7ec06aa925b2

    • SHA512

      f4b70bb78ef65db720a4ddd4e99fb54695bde2f239827de2f6eb1e042f65723960c3c048ec0e0eaf6b22748436effcf759a866edae19d3aae7bf1ba17ef4a6b1

    • SSDEEP

      24576:a+DCb4zPgsdglnISMYDNipaKgXPwE77hk:aTsdFS9JXlfhk

    Score
    3/10
    behavioral5behavioral6

    • Target

      Electron V3/bin/agree.txt

    • Size

      4B

    • MD5

      b326b5062b2f0e69046810717534cb09

    • SHA1

      5ffe533b830f08a0326348a9160afafc8ada44db

    • SHA256

      b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

    • SHA512

      9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de

    Score
    1/10
    behavioral7behavioral8

    • Target

      Electron V3/scripts/Inf Yield.txt

    • Size

      98B

    • MD5

      727b09f7da97df9cf7eb1bbe0eb19fed

    • SHA1

      24b31b8e25757f0b3c94c143435fcbd084eb3c52

    • SHA256

      eabc284aad668b0911ea92fea5b0fcd2803fbfdf651b5fa0b4cf5e0b63544a12

    • SHA512

      af379acccefb60b1ca465076469c57d09f846467b94f4ae500dcaf0c69e4418d2bf5cac3af89ad3e177291ce1d63d0649f34bc5ebeec714b66d98b365901360e

    Score
    1/10
    behavioral10behavioral9

    • Target

      Electron V3/workspace/IY_FE.iy

    • Size

      539B

    • MD5

      291d5636a434c4f1ceb0f3f776c2a51f

    • SHA1

      ae287e08f71c522a72812f0dace94b8ffb569341

    • SHA256

      73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452

    • SHA512

      7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743

    Score
    3/10
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks