General
Target: WaveInstaller (2).exe
Size: 10.4MB
Sample: 240719-qmxt4swgqf
MD5: 56a4d33799e01d75bf5e8f740f83e897
SHA1: ea5f93334629059aeb46244112a93753310f3634
SHA256: f11256d219127c83f602f1063c935c75a0289f2511a0ddd0bdf2f9a9a651c157
SHA512: 16262b4b75ed0fe80c7a871d4f49f3bc8c813e20b97fdc95e2f36533eb8c8320a0b1cc2ca24f205bfe930ac3fbd906c491b5b553839b4a0ceb9bbb26ca750fac
SSDEEP: 196608:c11Eoq7n0jc/bPeNrYFJMIDJ+gsAGK0X/O2xR4QgESjfygWZz2:Zb7n0jcw8Fqy+gs1Nntir
Behavioral tasks
behavioral1: Sample WaveInstaller (2).exe, Resource win11-20240709-en
behavioral2: Sample Stub.pyc, Resource win11-20240709-en
Malware Config
Targets

Target: WaveInstaller (2).exe
Signatures:
- Exela Stealer: Exela Stealer is an open-source stealer, first observed in August 2023, originally written in .NET and later ported to Python.
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
Target: Stub.pyc
Size: 799KB
MD5: 705da82030cf97b716a775f4a4335381
SHA1: 8cea03a5d4fcd6fbada33bbab15ef35d2e3a5a8d
SHA256: 6153089a1d50a4e2970527068ab4ec986ba69c0b99d671b2fdf7caa7e9b0bb52
SHA512: 28353cc9a587b4e6a197858f722cd9d68b666909b91f761c29291f3824299f96eea04f0271e4597463696030aee10f7f1b317bff3cb48327226bfbd3839d8a57
SSDEEP: 24576:yq+9LVYGL67E0JzuJPKTXT7DFo4mEJIRo:kLZ0QJ+LX
Score: 3/10
MITRE ATT&CK Enterprise v15 (technique: count of matching signatures)

Persistence
- Account Manipulation (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)

Privilege Escalation
- Account Manipulation (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)