General

  • Target

    af77c76a9466063cd1359427eeb5598f.bin

  • Size

    11.6MB

  • Sample

    240705-dbd7ea1bpj

  • MD5

    af77c76a9466063cd1359427eeb5598f

  • SHA1

    3f97eb6c5d8e4c679b2816c34f4cb4b630524c35

  • SHA256

    5801582ccca170d5185557ecd0314ce79b403ea1f664f71bb990e2a7d72d06cb

  • SHA512

    4e443cbc16acab41b1ef5ad333a67d1bb55f9c6ecbe0a164cbcfe9a81b23b5f6cc25fb398317d943f1cfcf19f9b38d5c6c6d323836c0962490cb6c528e9d1668

  • SSDEEP

    196608:j7D2QkuwuLomtSdurErvI9pWj+sgX3ZdahF0wB1A+SEpj4sCEk9VtQTNWVJ2:rKFytSdurEUWj/gXe7WORC7P6gK

Malware Config

Targets

    • Target

      af77c76a9466063cd1359427eeb5598f.bin

    • Exela Stealer

      Exela Stealer is an open-source infostealer, first observed in August 2023, that was originally written in .NET and later ported to Python.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks