Overview

overview

10

Static

static

3

New folder (5).rar

windows7-x64

3

New folder (5).rar

windows10-2004-x64

3

New folder...es.iso

windows7-x64

3

New folder...es.iso

windows10-2004-x64

3

New folder...ty.iso

windows7-x64

3

New folder...ty.iso

windows10-2004-x64

3

New folder...FO.txt

windows7-x64

1

New folder...FO.txt

windows10-2004-x64

1

New folder...s.json

windows7-x64

3

New folder...s.json

windows10-2004-x64

3

New folder...ect.js

windows7-x64

3

New folder...ect.js

windows10-2004-x64

3

New folder...DS.cdn

windows7-x64

3

New folder...DS.cdn

windows10-2004-x64

3

New folder...gR.dll

windows7-x64

1

New folder...gR.dll

windows10-2004-x64

1

New folder...NT.txt

windows7-x64

1

New folder...NT.txt

windows10-2004-x64

1

New folder...er.exe

windows7-x64

7

New folder...er.exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New folder (5).rar

  • Size

    11.9MB

  • Sample

    240906-h8kgxatclp

  • MD5

    4a0dd87c4fb8026a8784e923241d6f68

  • SHA1

    3917c019bbf82012168e25991cc49d69ea6a0f9f

  • SHA256

    03c83b3f458226a90a644b6894608c3d46c59cda2e62fd8654a7bfb1af241d36

  • SHA512

    bb868b1657d492f032e19a5596e9277900ae494561652697581e88db6344f8a6e6b0344b8acb3bf47e78b4bce2536f508989a9cec1510920143e1fc692feef85

  • SSDEEP

    196608:bUgWXJKju18YRhUm5mFKaREp8tpDJrQN1Pm55P8VhLtD5XZQqtk4JieCY:bUg8KKuHEDKFW1+antk4JSY

Score
10/10
exelastealercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationpyinstallerspywarestealer

Malware Config

Targets

    • Target

      New folder (5).rar

    • Size

      11.9MB

    • MD5

      4a0dd87c4fb8026a8784e923241d6f68

    • SHA1

      3917c019bbf82012168e25991cc49d69ea6a0f9f

    • SHA256

      03c83b3f458226a90a644b6894608c3d46c59cda2e62fd8654a7bfb1af241d36

    • SHA512

      bb868b1657d492f032e19a5596e9277900ae494561652697581e88db6344f8a6e6b0344b8acb3bf47e78b4bce2536f508989a9cec1510920143e1fc692feef85

    • SSDEEP

      196608:bUgWXJKju18YRhUm5mFKaREp8tpDJrQN1Pm55P8VhLtD5XZQqtk4JieCY:bUg8KKuHEDKFW1+antk4JSY

    Score
    3/10
    behavioral1behavioral2

    • Target

      New folder (5)/GUI/Frames.iso

    • Size

      820B

    • MD5

      66d261cd29d603d80d19c4164f983fe5

    • SHA1

      f448bcc7e20bde8c3cb7fff297cc8072090a1de9

    • SHA256

      507e7a4fa00e7b3d1fc6e56b30f7bd6f16422f0d57b8f07eba29fb8d7f6e5a57

    • SHA512

      cb262330d1be5400f607dcc96ea866d2dbfa5831a3b68e6837ea7ef83908587872f0337087882492cc6d41b50ddc759d1445ae4f1c21ed35d9ff9cb75b1c6bc4

    Score
    3/10
    behavioral3behavioral4

    • Target

      New folder (5)/GUI/Quality.iso

    • Size

      1KB

    • MD5

      a54948357212ceaaa6b98c28d5fa24d4

    • SHA1

      96f5d86cc90cd80ccf19fd5a4e8c0f31fc85efea

    • SHA256

      a95f3b22751db5c9a0614297713a7286d3cedc58f4dd5c4ffdbff12386a563e7

    • SHA512

      8365e5c5e48013e93d6d77093101ef9aecba0967ca9780e7f30c27e5365b5f4a4fc3428079f9b4be6735095891ef430eeeaa551035f3092383b83a6855f06470

    Score
    3/10
    behavioral5behavioral6

    • Target

      New folder (5)/INFO.txt

    • Size

      247B

    • MD5

      cc8a8665b97d2e072fe0e73cfc3cea82

    • SHA1

      302833fe29bb2e2bf70be9db277a121131da78c0

    • SHA256

      01e975ad3f61c5df678889dc5d98bc62eb6dbcef8ac9d93738a5dbcbe8682e33

    • SHA512

      ab5b182f3c71abe73c64341c7df9cfa093c7b9e03ad67d03a1c047664184a463953ae2c5ed037c60cbe8702b1846b7b225a5839fec791e8fa30455dbc3b8a8f9

    Score
    1/10
    behavioral7behavioral8

    • Target

      New folder (5)/Loader/Frames.json

    • Size

      1KB

    • MD5

      776f5aa9b4889732626e2e9ac6aaf165

    • SHA1

      7f7586204843e6be078b27007392573c1504799e

    • SHA256

      c798342be8ccd4452d42a513aaec635c21b9608b3fa82e54b330f0ae75769d87

    • SHA512

      c82b98af32a6e60545861fa2c0f3a0ad488724228ec3aef6a0fbc083e3a95978dbe8fbe16d83d0213342be56b043f1c7e2f82c3909f857b0d5b978dc31c48e85

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      New folder (5)/Loader/Gui Connect.api

    • Size

      1KB

    • MD5

      957021b88f2328790471758d1a341225

    • SHA1

      a1d69fd45dceb54924c2b595758b76da1473cf3b

    • SHA256

      9b1eff2282966753093378956f7ac089c915c6727b0387026dd61523d59f414e

    • SHA512

      be56581801bca5bebfe46818183f3aaaf6633cf9b00b4ff17aa468cb17506f7f2f2609f62c9dc56cfd3c9ed00a08b958639ff3f4e9e63eb19947d829fc971a89

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      New folder (5)/Loader/key_format/KeyBINDS.cdn

    • Size

      880B

    • MD5

      3eac8cddf55223d12c4631d1995ab98d

    • SHA1

      c6d2acde556f74d55db441b66b6af6a895f5ecf9

    • SHA256

      0734aad97c0e42f46db7052797944e08813b61e7251fe43300f05aba5febe9eb

    • SHA512

      f05a1c70b0ec532587b59f942d6eca5b989f1f88012636b53e817a52eff4fce85fc7da1479accdb5a8fed71301508289eb18840f8030682e177e15f3546324c9

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      New folder (5)/QllzgR.dll

    • Size

      3KB

    • MD5

      5734a9c64b0aae83857da23546b17ac5

    • SHA1

      4bdc872a44c77d31cbc591ea9076be485e71f1a8

    • SHA256

      ea315df17400825437b2e8eb16d1fd7382fa6f7c27a6d6cddd9970fcfc60df68

    • SHA512

      6dc5ae0971a308f1d2d9960d9a682fe34512e70a63e605371f8fb45c9418f1757993ff093e691ddaed680039fb718c69d92c47581ed1a4cea2b5e0ad0d54555b

    Score
    1/10
    behavioral15behavioral16

    • Target

      New folder (5)/READ ME!!/DEVELOPMENT.txt

    • Size

      461B

    • MD5

      511cff6d41fe4bfe04e44bd0d4179a78

    • SHA1

      1de7e472c5ddf13b00391a71bfdea13deec9f43a

    • SHA256

      cbcf76c370cf21b154b42762858226130f51f7f4d4d04ced1a772912bbdc397f

    • SHA512

      21405d708ee0fce4dad28581c2dd9241fba9b83660fe2ccea3707f6969051b01b3381bf77f87c310f139d343bb67e8fab312409239f5a9baab6574049ab55c15

    Score
    1/10
    behavioral17behavioral18

    • Target

      New folder (5)/Skin Changer.exe

    • Size

      12.2MB

    • MD5

      61c842c4a5405955777dedab86174b67

    • SHA1

      c90ae53beec6a847ab13db03156f4661361a9918

    • SHA256

      33c0c309dba1ae1539b6e49b881f1abb5679ffcabf84fda8e5a4d52f588aa0a8

    • SHA512

      b4376d9544cf7f280aad0c81462b954fd11cb9e6fedee6b71b48439866480a6d530c34d51f1cfa3aea096af2a123f2b3a112f1aa55f1699f720a14d82fa5cf4b

    • SSDEEP

      393216:AQdqtWL01+l+uq+VvedQJlewF3MnG3xl5lcgGLrlcTuOs:AqCq01+l+uqgvedQT3MGxdZ

    Score
    10/10
    exelastealercollectioncredential_accessdefense_evasiondiscoveryevasionpersistenceprivilege_escalationpyinstallerspywarestealer

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

      evasion

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion
    behavioral19behavioral20

    • Target

      Stub.pyc

    • Size

      198KB

    • MD5

      bf50be6023ad3852cf8dafe71ae0149e

    • SHA1

      a497396e43fd9bd19f699293f4a043283f6ce997

    • SHA256

      45dc909ea64b61dea3cc8aea2e85aede247f7970915c3ef18451748146c7a79c

    • SHA512

      4a98130ae575ad3a32e9801eb5354ad760e7dbec505f7216909ed391aa7f21d17f81a9d3cb386bf51451a4345f6bca4fe0236e2d68ac779400641493fa7a50b4

    • SSDEEP

      6144:MeYPhr47CTpKfTgYhYYYYY9YYjTFlZE1l:5spAsFlZ+

    Score
    3/10
    discovery
    behavioral21behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

2
T1059

JavaScript

1
T1059.007

Persistence

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Network Service Discovery

1
T1046

Permission Groups Discovery

1
T1069

Local Groups

1
T1069.001

Process Discovery

1
T1057

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

System Network Connections Discovery

1
T1049

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks