General
-
Target
bound.exe
-
Size
10.9MB
-
Sample
240903-ljw17avake
-
MD5
992c25b510eee69cab3a8970e8ccbe50
-
SHA1
e85962c2b750d3b74a7995b89013766f33396ed8
-
SHA256
923090b7a3ef2d31d7050ad4bc9bd38cfaf8199d9b25cf0ee7f2a6fddb5a993e
-
SHA512
399e56ea47f49ff71a19c60d096fbd3aaa6f673406470645bffdd96d8b497cf8f88feaef6b52a00a7215aaaf81f782e6fb76cb9523aa05f3ac9651317b515826
-
SSDEEP
196608:dyooMUBAYZDwZJb3tQk5tOeNvX+wfm/pf+xfdkRCnOK9Lr+N0EbwI:roMYZa7v5tRvX+9/pWFGRaJ9Lr+VbN
Malware Config
Targets
-
-
Target
bound.exe
-
Size
10.9MB
-
MD5
992c25b510eee69cab3a8970e8ccbe50
-
SHA1
e85962c2b750d3b74a7995b89013766f33396ed8
-
SHA256
923090b7a3ef2d31d7050ad4bc9bd38cfaf8199d9b25cf0ee7f2a6fddb5a993e
-
SHA512
399e56ea47f49ff71a19c60d096fbd3aaa6f673406470645bffdd96d8b497cf8f88feaef6b52a00a7215aaaf81f782e6fb76cb9523aa05f3ac9651317b515826
-
SSDEEP
196608:dyooMUBAYZDwZJb3tQk5tOeNvX+wfm/pf+xfdkRCnOK9Lr+N0EbwI:roMYZa7v5tRvX+9/pWFGRaJ9Lr+VbN
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Network Service Discovery
Attempt to gather information on host's network.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
1Permission Groups Discovery
1Local Groups
1Process Discovery
1System Information Discovery
3System Network Configuration Discovery
1Wi-Fi Discovery
1System Network Connections Discovery
1