Overview

overview

10

Static

static

3

Infinity.exe

windows7-x64

7

Infinity.exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Infinity.exe

  • Size

    20.3MB

  • Sample

    240704-y82n7azdka

  • MD5

    992aea61feee13289e2aa31d203ef673

  • SHA1

    72733f031d64c29d8a0bffbfc6f29881e215881c

  • SHA256

    12fe45f52da38b0f313ad9bc6079ae3435d9accf4a8aabc7c0592fd5a62c2e02

  • SHA512

    85e14ab7cff6f8ae9b7750b714760fc23e3e373ff78e34606600d299608dc2bfcb012ef57570ac94a46714cf90a8501c60ccad9a212721f7e2a233c97667dd6a

  • SSDEEP

    196608:pzxPA4mtSHeNvX+wfm/pf+xfdkR0ZWKsnarIWOzW0DaqkH:VGvtSUvX+9/pWFGRiBsnarIWeRaDH

Score
10/10
exelastealerdefense_evasionevasionpersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      Infinity.exe

    • Size

      20.3MB

    • MD5

      992aea61feee13289e2aa31d203ef673

    • SHA1

      72733f031d64c29d8a0bffbfc6f29881e215881c

    • SHA256

      12fe45f52da38b0f313ad9bc6079ae3435d9accf4a8aabc7c0592fd5a62c2e02

    • SHA512

      85e14ab7cff6f8ae9b7750b714760fc23e3e373ff78e34606600d299608dc2bfcb012ef57570ac94a46714cf90a8501c60ccad9a212721f7e2a233c97667dd6a

    • SSDEEP

      196608:pzxPA4mtSHeNvX+wfm/pf+xfdkR0ZWKsnarIWOzW0DaqkH:VGvtSUvX+9/pWFGRiBsnarIWeRaDH

    Score
    10/10
    upxexelastealerdefense_evasionevasionpersistenceprivilege_escalationpyinstallerspywarestealer

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion
    behavioral1behavioral2

    • Target

      Stub.pyc

    • Size

      198KB

    • MD5

      6854be978a53c6d35514f1b4bfe7a6e1

    • SHA1

      fb33aa70ef1fd7d8cbfb5948039a87ea5fe64adc

    • SHA256

      3216b739bfb93ce54d9a75dd0b57162fd1d307d5db65aa8c9f0eaae86a62fb71

    • SHA512

      0876c9982d706fde01b21dd701548b0164cfa29f7457ff8a2a35a8ceab4d2dbecb181c1dd73a89502100c5c98ea82cdb2158d5c1e21fa5883018c9f88ae12cfe

    • SSDEEP

      6144:jeYPhfY7bj/mY8MYhYYYYY9YY5X/4+nIE:+L/hp/4+P

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Process Discovery

1
T1057

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks