Overview: score 10/10
Static: score 3/10
Electron V3.rar (windows10-1703-x64): score 3/10
Electron V3.rar (windows10-2004-x64): score 3/10
Electron V...V3.exe (windows10-1703-x64): score 7/10
Electron V...V3.exe (windows10-2004-x64): score 10/10
Stub.pyc (windows10-1703-x64): score 3/10
Stub.pyc (windows10-2004-x64): score 3/10
Electron V...ee.txt (windows10-1703-x64): score 1/10
Electron V...ee.txt (windows10-2004-x64): score 1/10
Electron V...ld.txt (windows10-1703-x64): score 1/10
Electron V...ld.txt (windows10-2004-x64): score 1/10
Electron V..._FE.iy (windows10-1703-x64): score 3/10
Electron V..._FE.iy (windows10-2004-x64): score 3/10
General
Target: Electron V3.rar
Size: 9.2MB
Sample: 240630-t5hppa1aqc
MD5: 0e4ce2f959093139fb9931e634292c39
SHA1: 9d16e91e05a6cb558052065ede98c2d9ed448620
SHA256: 053354062f3ad68617191b0009df9cad0f1dc79da34bfce46d235ec375a4eb5c
SHA512: 68ea1a4fb5e85e2e25266e4e046cf7073e55bf0918186d9dd981666b1ab5c6796768897edc4444f899c390cdc58decc9a244d035e481e15d6f501dc852150f48
SSDEEP: 196608:bXJnoPUVU3pBzDEiCDpG9DbPfKjIHUUkpi+T9800p3LO32IRyJ119Psa:DJoF3nstDpGdK0HUvI+T980gyhYJ119z
Behavioral tasks
behavioral1: Sample: Electron V3.rar; Resource: win10-20240611-en
behavioral2: Sample: Electron V3.rar; Resource: win10v2004-20240611-en
behavioral3: Sample: Electron V3/ElectronV3.exe; Resource: win10-20240404-en
behavioral4: Sample: Electron V3/ElectronV3.exe; Resource: win10v2004-20240508-en
behavioral5: Sample: Stub.pyc; Resource: win10-20240404-en
behavioral6: Sample: Stub.pyc; Resource: win10v2004-20240611-en
behavioral7: Sample: Electron V3/bin/agree.txt; Resource: win10-20240611-en
behavioral8: Sample: Electron V3/bin/agree.txt; Resource: win10v2004-20240508-en
behavioral9: Sample: Electron V3/scripts/Inf Yield.txt; Resource: win10-20240404-en
behavioral10: Sample: Electron V3/scripts/Inf Yield.txt; Resource: win10v2004-20240508-en
behavioral11: Sample: Electron V3/workspace/IY_FE.iy; Resource: win10-20240404-en
behavioral12: Sample: Electron V3/workspace/IY_FE.iy; Resource: win10v2004-20240508-en
Malware Config
Targets
Target: Electron V3.rar
Score: 3/10
Target: Electron V3/ElectronV3.exe
Size: 24.3MB
MD5: 581804ae67622d1bd0cad82e858f4d8f
SHA1: 946a2821cfd1f378d088a67cce87dc407aca5eb6
SHA256: ab7a27e2d687101fbf523100304a632fe3dde3deebc6e8189d975da23c663282
SHA512: 4b13b34cbd839135a5553f91076dcd43262a89b1255aa954cbeeed1562e284581a1d0cbe06530690d65e06a7804d99d5c695f833dc23198bdad1d85abf5c5b72
SSDEEP: 196608:s9/cxCmDAJediqShxWTMRHvUWvo3hxjno/w3iFCxHQbRpXm5hexVPHh:VShATMRHdgxro/w3uCxHQbW54VZ
Exela Stealer: Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
Grants admin privileges: Uses net.exe to modify the user's privileges.
Modifies Windows Firewall
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Hide Artifacts: Hidden Files and Directories
Target: Stub.pyc
Size: 799KB
MD5: 5b1010317f9d2e326825ea6619255c29
SHA1: f4ca66a814fc52e579d63cc51ae4f39a7b43ac06
SHA256: 6d0e0e18ff67fa40b8f2455fcc5953360cf56ba3255fbe45e9fd3f0a6130dd0e
SHA512: 4eb42ed26aa7a85e8d730dc4c159f54c100af373e368f8d1fd6cebd4093c4bcecf91aea8d5b367d03784a70ee07c54b7f16aeea1d50939ad49bfb2e2221414fb
SSDEEP: 12288:G+/3RaioJUngD/ong4CR99VIlZ+rY8j7Vjebge1WbF/jbZCQCTrTZu5PfaG:tBxAKZLaIGrY8j7V6bfW5jbingPB
Score: 3/10
Target: Electron V3/bin/agree.txt
Size: 4B
MD5: b326b5062b2f0e69046810717534cb09
SHA1: 5ffe533b830f08a0326348a9160afafc8ada44db
SHA256: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
SHA512: 9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de
Score: 1/10
Target: Electron V3/scripts/Inf Yield.txt
Size: 98B
MD5: 727b09f7da97df9cf7eb1bbe0eb19fed
SHA1: 24b31b8e25757f0b3c94c143435fcbd084eb3c52
SHA256: eabc284aad668b0911ea92fea5b0fcd2803fbfdf651b5fa0b4cf5e0b63544a12
SHA512: af379acccefb60b1ca465076469c57d09f846467b94f4ae500dcaf0c69e4418d2bf5cac3af89ad3e177291ce1d63d0649f34bc5ebeec714b66d98b365901360e
Score: 1/10
Target: Electron V3/workspace/IY_FE.iy
Size: 539B
MD5: 291d5636a434c4f1ceb0f3f776c2a51f
SHA1: ae287e08f71c522a72812f0dace94b8ffb569341
SHA256: 73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452
SHA512: 7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743
Score: 3/10
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Account Manipulation (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)