General
-
Target
Electron V3.rar
-
Size
9.2MB
-
Sample
240706-phmmxaybjq
-
MD5
d54af3b230a07eda3384955a2f56f8f0
-
SHA1
93cbb921e45e34dcc93705d9ff19fa974e3243fd
-
SHA256
f574b6788dcf96f03c5a475477c950b2b01c30a0b84c286efd957e4c639eef75
-
SHA512
1e7f66a9938958e9afae04568e0e5761f31175f8ffe061873896c2c4ac8da9619ba08abf0067f23ee9f986b785a67e4a623dececdaa09d64f55d3a32f2463a6a
-
SSDEEP
196608:CZkD3rvgG9YOkcX2p1XxT1k7rJ5y+jUdNWHzmHSi+Tik56sZpDb8R4hqv:UkDUG9YfcG7xT1k7dhUdNWHA+Tia6sfg
Malware Config
Targets
-
-
Target
Electron V3.rar
-
Size
9.2MB
-
MD5
d54af3b230a07eda3384955a2f56f8f0
-
SHA1
93cbb921e45e34dcc93705d9ff19fa974e3243fd
-
SHA256
f574b6788dcf96f03c5a475477c950b2b01c30a0b84c286efd957e4c639eef75
-
SHA512
1e7f66a9938958e9afae04568e0e5761f31175f8ffe061873896c2c4ac8da9619ba08abf0067f23ee9f986b785a67e4a623dececdaa09d64f55d3a32f2463a6a
-
SSDEEP
196608:CZkD3rvgG9YOkcX2p1XxT1k7rJ5y+jUdNWHzmHSi+Tik56sZpDb8R4hqv:UkDUG9YfcG7xT1k7dhUdNWHA+Tia6sfg
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify System Firewall
1