General
Target: af77c76a9466063cd1359427eeb5598f.bin
Size: 11.6MB
Sample: 240705-dbd7ea1bpj
MD5: af77c76a9466063cd1359427eeb5598f
SHA1: 3f97eb6c5d8e4c679b2816c34f4cb4b630524c35
SHA256: 5801582ccca170d5185557ecd0314ce79b403ea1f664f71bb990e2a7d72d06cb
SHA512: 4e443cbc16acab41b1ef5ad333a67d1bb55f9c6ecbe0a164cbcfe9a81b23b5f6cc25fb398317d943f1cfcf19f9b38d5c6c6d323836c0962490cb6c528e9d1668
SSDEEP: 196608:j7D2QkuwuLomtSdurErvI9pWj+sgX3ZdahF0wB1A+SEpj4sCEk9VtQTNWVJ2:rKFytSdurEUWj/gXe7WORC7P6gK
Behavioral task: behavioral1
Sample: af77c76a9466063cd1359427eeb5598f.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: af77c76a9466063cd1359427eeb5598f.exe
Resource: win10v2004-20240704-en
Malware Config
Targets
Target: af77c76a9466063cd1359427eeb5598f.bin
Signatures
Exela Stealer: Exela Stealer is an open-source information stealer, originally written in .NET and later rewritten in Python, first observed in August 2023.
Grants admin privileges: Uses net.exe to modify the user's privileges.
Modifies Windows Firewall
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Hide Artifacts: Hidden Files and Directories
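The signatures above are behavioural, so the same logic can be run over endpoint telemetry to confirm a hit outside the sandbox. The Python below is an added example written for this page, not the sandbox's own detection code: it matches Sysmon-style process-creation and DNS-query records against the behaviours the report lists that leave a clean command-line or DNS indicator (net.exe adding a user to Administrators, netsh firewall changes, netsh add helper, sc create, attrib +h/+s, and DNS lookups of public IP-echo services). The sample events are constructed for illustration and are not taken from the sandboxed run; the ATT&CK IDs, the field names and the list of IP-lookup domains are this example's own assumptions, not something the report states.

```python
"""Map Windows telemetry to the behaviour signatures listed in the report above.

Hypothetical detection helper written for this page; it is not part of the
sandbox's rule set.  Events are plain dicts shaped like the fields a Sysmon
process-creation (Event ID 1) or DNS-query (Event ID 22) record carries.
"""
from __future__ import annotations

import ntpath
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str        # signature name as the report phrases it
    technique: str   # ATT&CK ID; this mapping is the example's, not the report's
    image: str       # lower-case executable basename the rule applies to
    pattern: re.Pattern


PROCESS_RULES = (
    # net.exe / net1.exe adding an account to the local Administrators group
    Rule("Grants admin privileges", "T1098", "net.exe",
         re.compile(r"\blocalgroup\s+administrators\b.*\s/add\b", re.I)),
    Rule("Grants admin privileges", "T1098", "net1.exe",
         re.compile(r"\blocalgroup\s+administrators\b.*\s/add\b", re.I)),
    # netsh firewall / advfirewall changes (rule added or profile disabled)
    Rule("Modifies Windows Firewall", "T1562.004", "netsh.exe",
         re.compile(r"\b(advfirewall|firewall)\b", re.I)),
    # netsh add helper <dll>: the DLL is loaded every time netsh starts
    Rule("Event Triggered Execution: Netsh Helper DLL", "T1546.007", "netsh.exe",
         re.compile(r"\badd\s+helper\b", re.I)),
    # sc create: a new Windows service
    Rule("Create or Modify System Process: Windows Service", "T1543.003", "sc.exe",
         re.compile(r"\bcreate\b", re.I)),
    # attrib +h / +s: hide a dropped file or directory
    Rule("Hide Artifacts: Hidden Files and Directories", "T1564.001", "attrib.exe",
         re.compile(r"\+[hs]\b", re.I)),
)

# Public IP-echo services (assumed list). A DNS query for any of them from the
# sample is the "Looks up external IP address via web service" behaviour.
IP_LOOKUP_DOMAINS = frozenset({
    "api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com", "ipinfo.io",
})
IP_LOOKUP_HIT = ("Looks up external IP address via web service", "T1016")


def classify_event(event: dict) -> list[tuple[str, str]]:
    """Return (signature name, technique) pairs a single event satisfies."""
    kind = event.get("EventType")
    if kind == "process":
        image = ntpath.basename(event.get("Image", "")).lower()
        cmd = event.get("CommandLine", "")
        return [(r.name, r.technique) for r in PROCESS_RULES
                if r.image == image and r.pattern.search(cmd)]
    if kind == "dns":
        qname = event.get("QueryName", "").lower().rstrip(".")
        if qname in IP_LOOKUP_DOMAINS or any(
                qname.endswith("." + d) for d in IP_LOOKUP_DOMAINS):
            return [IP_LOOKUP_HIT]
    return []


def summarize(events) -> dict[str, int]:
    """Count events per signature name, like the per-behaviour counts in the report."""
    counts: Counter = Counter()
    for ev in events:
        for name, _technique in classify_event(ev):
            counts[name] += 1
    return dict(counts)


# Constructed sample telemetry: the first six are the behaviours the report
# names, the last two are benign uses of the same binaries that must not hit.
SAMPLE_EVENTS = [
    {"EventType": "process", "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net localgroup administrators user /add"},
    {"EventType": "process", "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="x" dir=in '
                    'action=allow program="C:\\Users\\Public\\x.exe"'},
    {"EventType": "process", "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r"netsh add helper C:\Users\Public\helper.dll"},
    {"EventType": "process", "Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": 'sc create x binPath= "C:\\Users\\Public\\x.exe" start= auto'},
    {"EventType": "process", "Image": r"C:\Windows\System32\attrib.exe",
     "CommandLine": r"attrib +h +s C:\Users\Public\x"},
    {"EventType": "dns", "Image": r"C:\Users\Public\x.exe",
     "QueryName": "api.ipify.org"},
    {"EventType": "process", "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net share"},
    {"EventType": "process", "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh interface show interface"},
]

if __name__ == "__main__":
    for name, count in sorted(summarize(SAMPLE_EVENTS).items()):
        print(f"{count}  {name}")
```

Each rule keys on the executable basename as well as the command line, so a renamed copy of netsh.exe would be missed; pairing this with the OriginalFileName field Sysmon records closes that gap. The netsh helper rule deserves priority in triage because the DLL it registers runs with every later netsh invocation, which is how the report reaches both Persistence and Privilege Escalation for the same technique.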
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation: 1
Create or Modify System Process: 1
  Windows Service: 1
Event Triggered Execution: 1
  Netsh Helper DLL: 1
Privilege Escalation
Account Manipulation: 1
Create or Modify System Process: 1
  Windows Service: 1
Event Triggered Execution: 1
  Netsh Helper DLL: 1