General
Target: WaveInstaller (2).exe
Size: 10.4MB
Sample: 240719-qle8nstaml
MD5: 56a4d33799e01d75bf5e8f740f83e897
SHA1: ea5f93334629059aeb46244112a93753310f3634
SHA256: f11256d219127c83f602f1063c935c75a0289f2511a0ddd0bdf2f9a9a651c157
SHA512: 16262b4b75ed0fe80c7a871d4f49f3bc8c813e20b97fdc95e2f36533eb8c8320a0b1cc2ca24f205bfe930ac3fbd906c491b5b553839b4a0ceb9bbb26ca750fac
SSDEEP: 196608:c11Eoq7n0jc/bPeNrYFJMIDJ+gsAGK0X/O2xR4QgESjfygWZz2:Zb7n0jcw8Fqy+gs1Nntir
Behavioral tasks
behavioral1: Sample WaveInstaller (2).exe, Resource win7-20240704-en
behavioral2: Sample WaveInstaller (2).exe, Resource win10v2004-20240709-en
behavioral3: Sample Stub.pyc, Resource win7-20240708-en
behavioral4: Sample Stub.pyc, Resource win10v2004-20240709-en
Malware Config
Targets

Target: WaveInstaller (2).exe
Size: 10.4MB
MD5: 56a4d33799e01d75bf5e8f740f83e897
SHA1: ea5f93334629059aeb46244112a93753310f3634
SHA256: f11256d219127c83f602f1063c935c75a0289f2511a0ddd0bdf2f9a9a651c157
SHA512: 16262b4b75ed0fe80c7a871d4f49f3bc8c813e20b97fdc95e2f36533eb8c8320a0b1cc2ca24f205bfe930ac3fbd906c491b5b553839b4a0ceb9bbb26ca750fac
SSDEEP: 196608:c11Eoq7n0jc/bPeNrYFJMIDJ+gsAGK0X/O2xR4QgESjfygWZz2:Zb7n0jcw8Fqy+gs1Nntir
Signatures
- Exela Stealer: Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks system information in the registry: System information is often read in order to detect sandboxing environments.
- Hide Artifacts: Hidden Files and Directories

Target: Stub.pyc
Size: 799KB
MD5: 705da82030cf97b716a775f4a4335381
SHA1: 8cea03a5d4fcd6fbada33bbab15ef35d2e3a5a8d
SHA256: 6153089a1d50a4e2970527068ab4ec986ba69c0b99d671b2fdf7caa7e9b0bb52
SHA512: 28353cc9a587b4e6a197858f722cd9d68b666909b91f761c29291f3824299f96eea04f0271e4597463696030aee10f7f1b317bff3cb48327226bfbd3839d8a57
SSDEEP: 24576:yq+9LVYGL67E0JzuJPKTXT7DFo4mEJIRo:kLZ0QJ+LX
Score: 3/10
MITRE ATT&CK Enterprise v15

Persistence
- Account Manipulation (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (3)
  - Change Default File Association (1)
  - Component Object Model Hijacking (1)
  - Netsh Helper DLL (1)

Privilege Escalation
- Account Manipulation (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (3)
  - Change Default File Association (1)
  - Component Object Model Hijacking (1)
  - Netsh Helper DLL (1)