General
-
Target
adobe.exe
-
Size
47.1MB
-
Sample
240917-rndnasxfnm
-
MD5
ea61be6b25d36301e557eed1620322fd
-
SHA1
c8ef4bf6e9c8b22d54c498d05acffe9d5289bfc0
-
SHA256
809f6517480548b9976840145ff402d2598cdf6cc7bc210646306957ca41032e
-
SHA512
75de625524ea4aadfe8e57422561e31bbe44f8e6286cde06c5e3ca0cac0c7d91fe696836c487b8397dd0682de49e76b028d6cc8971c0cf00c07eb8841cf2bfc8
-
SSDEEP
786432:ZYEwzN8Wa35zYTIoaZD5G/p5H72RiL5WmVvz2a3yHoRYxCDDEHTCn2jM77b/BQcF:Z1wzeWaJzYTkdsp5H72q5WW2hIR9sCnF
Malware Config
Targets
-
-
Target
adobe.exe
-
Size
47.1MB
-
MD5
ea61be6b25d36301e557eed1620322fd
-
SHA1
c8ef4bf6e9c8b22d54c498d05acffe9d5289bfc0
-
SHA256
809f6517480548b9976840145ff402d2598cdf6cc7bc210646306957ca41032e
-
SHA512
75de625524ea4aadfe8e57422561e31bbe44f8e6286cde06c5e3ca0cac0c7d91fe696836c487b8397dd0682de49e76b028d6cc8971c0cf00c07eb8841cf2bfc8
-
SSDEEP
786432:ZYEwzN8Wa35zYTIoaZD5G/p5H72RiL5WmVvz2a3yHoRYxCDDEHTCn2jM77b/BQcF:Z1wzeWaJzYTkdsp5H72q5WW2hIR9sCnF
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Network Service Discovery
Attempt to gather information on host's network.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
$PLUGINSDIR/SpiderBanner.dll
-
Size
9KB
-
MD5
17309e33b596ba3a5693b4d3e85cf8d7
-
SHA1
7d361836cf53df42021c7f2b148aec9458818c01
-
SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
-
SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
-
SSDEEP
192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score3/10 -
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score3/10 -
-
-
Target
$PLUGINSDIR/WinShell.dll
-
Size
3KB
-
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56
-
SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c
-
SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
-
SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score3/10 -
-
-
Target
$PLUGINSDIR/app-64.7z
-
Size
46.7MB
-
MD5
d83bc69537d4fdc6ae5ee0ea3cf0d8a3
-
SHA1
835945090b2a4e4ebd8ad387840cce73a61fcaf2
-
SHA256
7fef49e90d6b39668f580934555314e9c32187ba556a24a7355dd34ceedf8dc1
-
SHA512
dd37d87ae4696bcf2a1ce654047a6efed775d340f6fe63cefd4609417f499bb4c5d6e270fba806865911395c240e1b4a92a229103eb8abc32ef2adc831346c5c
-
SSDEEP
786432:GEwzN8Wa35zYTIoaZD5G/p5H72RiL5WmVvz2a3yHoRYxCDDEHTCn2jM77b/BQc28:LwzeWaJzYTkdsp5H72q5WW2hIR9sCnLh
Score3/10 -
-
-
Target
LICENSE.electron.txt
-
Size
1KB
-
MD5
5fb9b491d7f7a3e27ce8226c3217c24c
-
SHA1
8d89950e3ee0ce5e2f840128df6a82330977df70
-
SHA256
13e4742ccfcf6f0542d6f262647d0758bea838b202b83b4403544c12e3dff395
-
SHA512
c81a194f0ff02dbde05cad0177aa6a6a901653182d047fdc4092f1c769bfb92de93a00dfed720ae3bb32178005c744e0fdac4c4ff3223f17e18c38b2a9936450
Score1/10 -
-
-
Target
chrome_100_percent.pak
-
Size
175KB
-
MD5
7c4728b2d58afdd97c4549c96b9561cc
-
SHA1
1e0d251eedd67e7021fc764b9188184617465c54
-
SHA256
419cfcc6dc5f38b2e0c970ebd4fad1ef55054579d5c0db2521d7ae494996aac3
-
SHA512
82d0931e4d1cf38f88050980f518cdacdc981c382771b1732bfbe69f601074a0e7378e27a7470c7dea4e287cb1617a5c038052908ed85134abcd5b6591b4e7df
-
SSDEEP
3072:NSzwVnpE/JcG42w5+vfdYCJdx10khejSTS9SO0vVm7O0U27IIABNHlJsgfI:NSzwVYn4x5c1YC7x10fSucY7OP2ITQ
Score3/10 -
-
-
Target
chrome_200_percent.pak
-
Size
312KB
-
MD5
6af049ad6fd11ee90ad9db31c4e02082
-
SHA1
5d2f9a59a74dc584b5dd78aeb6de583e969e3eb7
-
SHA256
edecf8e1ac353bfdae534e42507e5a59973cb4cab76fbb1ff1a470363e725bc4
-
SHA512
c7fa6e1a57861e62b9b4d615a988c98d13cde8abc23eaed7c36c2ecb86409da4b65b1f579ca2f307e90eb4d08d14b07f7f41ccb8d8c165d6de67c09c16009715
-
SSDEEP
6144:KDQYaR+9b2nEz73QYV85u/oFYvwoytKi6obByPGlPFYKKo+:PfIyAg5u/oFFpxLlFYb
Score3/10 -
-
-
Target
icudtl.dat
-
Size
10.0MB
-
MD5
3f019441588332ac8b79a3a3901a5449
-
SHA1
c8930e95b78deef5b7730102acd39f03965d479a
-
SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57
-
SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9
-
SSDEEP
196608:gmXwSv9AAQMlptodliXUxR0rHf93WhlA6tnoB:gjKlQMlpgliXUxR0rHf93WhlA6tnoB
Score3/10 -
-
-
Target
locales/am.pak
-
Size
133KB
-
MD5
e0807c2e3e92bfd46fa865a31d2b8c76
-
SHA1
a0d02b3f68156eedab2d3ed152bc78b274befd21
-
SHA256
b5bbc673cb936f28ced393bbd714fe0c35e44529c95af3c33681f7f64fb596d4
-
SHA512
00df945702bde6eeeec0c7d884bf3eed45677b1913810cd5ac78b27170297eb0d89c56ed7df08010e2957864ba053c6e5c4f7d3c06e5f1e9f1139c196d7ca86c
-
SSDEEP
3072:VKBdD67wm8277Rt4rgEkA0MqimmoZSxlMG/yZJjhSIV/LWGe/oloSCkef97CSt14:VU0jJQS7x30jH8+y
Score3/10 -
-
-
Target
locales/ar.pak
-
Size
135KB
-
MD5
4c4590ffc76dc0a5d321c5d9a1a5fc57
-
SHA1
4dffc5a448eeafbfac0e94df0a9b97b851d4a830
-
SHA256
bd06f1f0b8e3f389b084c9f542f9a743ff6b7470dec398cd3ba6c5393e4b80c2
-
SHA512
0b0d633191172a91abc205407a9abcf00fefcad30be6af600fe661dcea3cc7c914b94d0a5e140ae38665b5b565b96887fd0648b21f846a340761304c4ea202a3
-
SSDEEP
3072:hDKwOV8SNgnvZhpwyjGxT4WMRxHSM2uZtE9VbZZJLYx7Zad0d4q2jAwG:huz7NgFyZWdX
Score3/10 -
-
-
Target
locales/bg.pak
-
Size
145KB
-
MD5
c672c8c89a32f63bb254b356c3ff8467
-
SHA1
7e3cf36fa3079c344d475869babfb2b29f044ef8
-
SHA256
8cc7af095ded268f395758ee41ab4192f50e1c1861c643a732938bfacd229e4d
-
SHA512
b754605328025799fb9a8771e9b853bf4708bb24a2492a5e92b91e6dbd77ef2a5e796736a6a1792d9602e29e6e91d0f94f7aeee7288c1778ec41056c453f1fcc
-
SSDEEP
3072:552GpqowXn9hqaYyyEU7RQrqjn1h4y8ZZHrzCky8A0oNaJCNgTj21pLsUVGwcF:T2GoooDNU7mZHrmky8ABZNWj21pLsUV6
Score3/10 -
-
-
Target
locales/bn.pak
-
Size
191KB
-
MD5
cff3c9ad87cef6970e2426ca73012935
-
SHA1
54dc00598b2acde263f6ff3dd1548620d1c5939f
-
SHA256
cbd3376dd8d2021f35e597faa06055ae91d430e10360e1f282b50acb9f17820c
-
SHA512
482febd00b673dedfa5283606208a7bdaa4307bf86bf8f70dba6c93b84d80c537c8dc80075d1f1dea3bd1f5cda98272f517ff79ff01e086582677c5b7103e3ec
-
SSDEEP
1536:1SYoLGRNWfWrlpiVnr18JMg61TpmvoxhejfY:QBGzWfWrLyDx
Score3/10 -
-
-
Target
locales/ca.pak
-
Size
94KB
-
MD5
d1c1e2a9809641eef81e753f26f1eb69
-
SHA1
cc54cf4149ea5d934ea3a0b0cd89a5b9f7169f38
-
SHA256
69b4bd559152df6b45008e9e71ab7ffc3557df06e01165227831506ba4a042f5
-
SHA512
34038c093ab83d804d0b1084b9f7b30e79e733f80c7e8e097f590b886e770610dcce1207a8fc56a2813894b6ca4e82f2cc7b88169ec6d352862ef5bd43c3a6a4
-
SSDEEP
1536:DoO1TIQGjMVyqv0llPfcgsLI54qZ2+O5aSaJESqUbmS+6fiXesB80wlozRhN7hd7:Dp+9qv0fXcgsLI54qZ2+O5aSaJESqU94
Score3/10 -
-
-
Target
locales/cs.pak
-
Size
96KB
-
MD5
cedbc097f6fc645a6023ba797cdfd0ea
-
SHA1
cdad25175d737f079b7ac383efae7d4ce039ef20
-
SHA256
3b747e1cbc29a0f2fa14f95f3dcb8ed970f198dc8d2a3b1d918485d51d6a97f1
-
SHA512
2c1bca725e5bbd2ecc1b53735956e218440abebff1f63b4572e10256394b258e149ecf4f6f0642fec2da18b37711e574d2c9c04af6f45e3cc0a3a74cf8762c92
-
SSDEEP
1536:IdUXL9aG22wV5e3N1+t6aeM2k33zR5qphARYz78QI3T:Iez22wSN1+okj5qzX78QID
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Service Discovery
1Permission Groups Discovery
1Local Groups
1Process Discovery
1Query Registry
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Wi-Fi Discovery
1System Network Connections Discovery
1