General
-
Target
7bb30c9b75980b7bcd755d2d968077a2c8c582a0ca11e86ae9454d067182139a
-
Size
10.7MB
-
Sample
240708-mg2dkavbnr
-
MD5
f7f9d3c98351d9be736e7aafb3563561
-
SHA1
1f60f25b4b8f3f38a9f40680289554216c2f9924
-
SHA256
7bb30c9b75980b7bcd755d2d968077a2c8c582a0ca11e86ae9454d067182139a
-
SHA512
fed3e1bb950d746f1ed4dffeb88259b2a6e8ad40afe161469e8b0cff7c70e40617d3ca1dffc2899d3ac35790d1817f1d54724ead5d5941d485c6c67070070a87
-
SSDEEP
196608:es+j9q6y7PuZANMUgvUExd8zeiHf/jC51U7BlUdinrDRQF6f1:eNBly7Pum3gvizei/rMGBa4nr1jt
Static task
static1
Behavioral task
behavioral1
Sample
7bb30c9b75980b7bcd755d2d968077a2c8c582a0ca11e86ae9454d067182139a.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral2
Sample
7bb30c9b75980b7bcd755d2d968077a2c8c582a0ca11e86ae9454d067182139a.exe
Resource
win11-20240704-en
Malware Config
Targets
-
-
Target
7bb30c9b75980b7bcd755d2d968077a2c8c582a0ca11e86ae9454d067182139a
-
Size
10.7MB
-
MD5
f7f9d3c98351d9be736e7aafb3563561
-
SHA1
1f60f25b4b8f3f38a9f40680289554216c2f9924
-
SHA256
7bb30c9b75980b7bcd755d2d968077a2c8c582a0ca11e86ae9454d067182139a
-
SHA512
fed3e1bb950d746f1ed4dffeb88259b2a6e8ad40afe161469e8b0cff7c70e40617d3ca1dffc2899d3ac35790d1817f1d54724ead5d5941d485c6c67070070a87
-
SSDEEP
196608:es+j9q6y7PuZANMUgvUExd8zeiHf/jC51U7BlUdinrDRQF6f1:eNBly7Pum3gvizei/rMGBa4nr1jt
-
Detects Monster Stealer.
-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1