Overview

Analysis tasks and scores (out of 10)
- Overview: 10
- Static: 3
- Paranoid v3.4.exe (windows7-x64): 7
- Paranoid v3.4.exe (windows10-2004-x64): 10
- VCRUNTIME140.dll (windows7-x64): 1
- VCRUNTIME140.dll (windows10-2004-x64): 1
- libGLE.exe (windows7-x64): 7
- libGLE.exe (windows10-2004-x64): 10
- libcrypto-3.dll (windows7-x64): 1
- libcrypto-3.dll (windows10-2004-x64): 1
- libffi-8.dll (windows7-x64): 1
- libffi-8.dll (windows10-2004-x64): 1
- libssl-3.dll (windows7-x64): 1
- libssl-3.dll (windows10-2004-x64): 1
- pyexpat.dll (windows7-x64): 1
- pyexpat.dll (windows10-2004-x64): 1
- python3.dll (windows7-x64): 1
- python3.dll (windows10-2004-x64): 1
- python312.dll (windows7-x64): 1
- python312.dll (windows10-2004-x64): 1
- select.dll (windows7-x64): 1
- select.dll (windows10-2004-x64): 1
- ucrtbase.dll (windows10-2004-x64): 1
- unicodedata.dll (windows7-x64): 1
- unicodedata.dll (windows10-2004-x64): 1

General
- Target: Paranoid v3.4.zip
- Size: 23.2MB
- Sample: 240928-qr6mtayanj
- MD5: e263067c267423865360cdf1192ededf
- SHA1: 358e3d6aca6d4cdfcfc0dfdc9440bd165c02500a
- SHA256: 965faa9d136d712e2a5008849ebee26b11a375a8d6b1e7fce72c9b730afba375
- SHA512: f3eb3343c271920f2aee06dc57ead592e155d138027e72360ef28867aca4ccace45cd254b2c6a60ecfdd72755a4555f85b15d24916c1f4a63482911b423abc29
- SSDEEP: 393216:Djgv1+s+DNstZUsrW6qTKFbY8QrtYvZRcD0cv4hHvBB9e6MgiwBy/ND1/uNsmflN:AtZ+DNMUsrW6Bb6rWfoYPD9e6MgFBaDy
Behavioral tasks (sample, resource image)
- behavioral1: Paranoid v3.4.exe, win7-20240903-en
- behavioral2: Paranoid v3.4.exe, win10v2004-20240802-en
- behavioral3: VCRUNTIME140.dll, win7-20240903-en
- behavioral4: VCRUNTIME140.dll, win10v2004-20240802-en
- behavioral5: libGLE.exe, win7-20240708-en
- behavioral6: libGLE.exe, win10v2004-20240802-en
- behavioral7: libcrypto-3.dll, win7-20240903-en
- behavioral8: libcrypto-3.dll, win10v2004-20240802-en
- behavioral9: libffi-8.dll, win7-20240903-en
- behavioral10: libffi-8.dll, win10v2004-20240802-en
- behavioral11: libssl-3.dll, win7-20240903-en
- behavioral12: libssl-3.dll, win10v2004-20240802-en
- behavioral13: pyexpat.dll, win7-20240903-en
- behavioral14: pyexpat.dll, win10v2004-20240802-en
- behavioral15: python3.dll, win7-20240708-en
- behavioral16: python3.dll, win10v2004-20240802-en
- behavioral17: python312.dll, win7-20240903-en
- behavioral18: python312.dll, win10v2004-20240802-en
- behavioral19: select.dll, win7-20240704-en
- behavioral20: select.dll, win10v2004-20240802-en
- behavioral21: ucrtbase.dll, win10v2004-20240802-en
- behavioral22: unicodedata.dll, win7-20240903-en
- behavioral23: unicodedata.dll, win10v2004-20240802-en
Malware Config

Targets

Target: Paranoid v3.4.exe
- Size: 5.4MB
- MD5: b59bbf2b7e8cbffe5379af74aec57b64
- SHA1: 6b0cdc014d7355f2e49fd21eba49fccfc9fdf78d
- SHA256: 15d0940cf9eabcd263bc029fcab518c1e6d7d0ccf6c6fee8bd8df39b5cf57719
- SHA512: 371979adbb472bc46b9c2750a209368ead2ee4d5ba553a329d8cf6303c5d68bc4d96d90cac8fcaed1842be811644b91c084174fc12ac01def402580a27c941b1
- SSDEEP: 98304:Pxmj6PKIlxpwpzoLLJ3TbwaVvrZE0I7yoFQK15W8ASLmbNYJERw1jrTHNyGswCtG:PxmvIlnw9onJ5hrZEnyiU8AdZYJERur3
Signatures:
- Exela Stealer: Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories
Target: VCRUNTIME140.dll
- Size: 116KB
- MD5: be8dbe2dc77ebe7f88f910c61aec691a
- SHA1: a19f08bb2b1c1de5bb61daf9f2304531321e0e40
- SHA256: 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
- SHA512: 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655
- SSDEEP: 1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
- Score: 1/10
Target: libGLE.bin
- Size: 12.8MB
- MD5: abe7c67099af71c51e5ab3219afb5908
- SHA1: d521769e0f6b8eb7907a1b2f497ec70c68c08cf0
- SHA256: c2695d7cfa0854af40e36276df25cb46aad09f035a02a273cd2e8270e221c9dc
- SHA512: e5e7557b5c6470d3f9e24bd5994585a49562f719b5a682816d1988f69664fce8339d902ea9a19ccfa72f99851fb2a7739b9f559690a1b8747d8121145eb141ec
- SSDEEP: 393216:UNWdqshZ2YsHFUK2JadQJlewF3MnG3xl5nTBqrIWdRaDH:28pZ2YwUlJadQT3MGxVF2q
Signatures:
- Exela Stealer: Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories
Target: libcrypto-3.dll
- Size: 4.9MB
- MD5: 51e8a5281c2092e45d8c97fbdbf39560
- SHA1: c499c810ed83aaadce3b267807e593ec6b121211
- SHA256: 2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a
- SHA512: 98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb
- SSDEEP: 98304:S3+FRtLtlVriXpshX179Cahd4tC9P1+1CPwDvt3uFlDCi:ASRtLtvd99Cahd4tC9w1CPwDvt3uFlDz
- Score: 1/10
Target: libffi-8.dll
- Size: 38KB
- MD5: 0f8e4992ca92baaf54cc0b43aaccce21
- SHA1: c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
- SHA256: eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
- SHA512: 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978
- SSDEEP: 768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
- Score: 1/10
Target: libssl-3.dll
- Size: 771KB
- MD5: bfc834bb2310ddf01be9ad9cff7c2a41
- SHA1: fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c
- SHA256: 41ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1
- SHA512: 6af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3
- SSDEEP: 6144:7aO1lo7USZGjweMMHO4+xuVg7gCl2VdhMd1DdwMVn4TERUr3zgKpJJ/wknofFe9A:FkeMKOr97gCAE35gEGzLpwknofFe9XbE
- Score: 1/10
Target: pyexpat.pyd
- Size: 194KB
- MD5: e2d1c738d6d24a6dd86247d105318576
- SHA1: 384198f20724e4ede9e7b68e2d50883c664eee49
- SHA256: cdc09fbae2f103196215facd50d108be3eff60c8ee5795dcc80bf57a0f120cdf
- SHA512: 3f9cb64b4456438dea82a0638e977f233faf0a08433f01ca87ba65c7e80b0680b0ec3009fa146f02ae1fdcc56271a66d99855d222e77b59a1713caf952a807da
- SSDEEP: 3072:jJB/b2LOWs5LS04q1uqtF+ai7dYbmdRLjDxKyw6XUWdRBIpLhCujk:dB6yx5LT1gqtF+XGeL/xiBoR4g
- Score: 1/10
Target: python3.dll
- Size: 66KB
- MD5: 4038af0427bce296ca8f3e98591e0723
- SHA1: b2975225721959d87996454d049e6d878994cbf2
- SHA256: a5bb3eb6fdfd23e0d8b2e4bccd6016290c013389e06daae6cb83964fa69e2a4f
- SHA512: db762442c6355512625b36f112eca6923875d10aaf6476d79dc6f6ffc9114e8c7757ac91dbcd1fb00014122bc7f656115160cf5d62fa7fa1ba70bc71346c1ad3
- SSDEEP: 768:/BV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM8:pDmF61JFn+/OJBIpL0j7Sy5xH
- Score: 1/10
Target: python312.dll
- Size: 6.7MB
- MD5: 48ebfefa21b480a9b0dbfc3364e1d066
- SHA1: b44a3a9b8c585b30897ddc2e4249dfcfd07b700a
- SHA256: 0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2
- SHA512: 4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce
- SSDEEP: 98304:2OUmnjqB6bHMYM3RNgqKutvDHDMiEtYkzuv:2OUmn+MnM3R+qYi3kzuv
- Score: 1/10
Target: select.pyd
- Size: 29KB
- MD5: e1604afe8244e1ce4c316c64ea3aa173
- SHA1: 99704d2c0fa2687997381b65ff3b1b7194220a73
- SHA256: 74cca85600e7c17ea6532b54842e26d3cae9181287cdf5a4a3c50af4dab785e5
- SHA512: 7bf35b1a9da9f1660f238c2959b3693b7d9d2da40cf42c6f9eba2164b73047340d0adff8995049a2fe14e149eba05a5974eee153badd9e8450f961207f0b3d42
- SSDEEP: 384:OyLTFInPLnIloHqP3DT90IBIpQG28HQIYiSy1pCQ5mrUAM+o/8E9VF0NyOYl:hinzfHqv1rBIpQG/5YiSyvkrUAMxkErl
- Score: 1/10
Target: ucrtbase.dll
- Size: 992KB
- MD5: 0e0bac3d1dcc1833eae4e3e4cf83c4ef
- SHA1: 4189f4459c54e69c6d3155a82524bda7549a75a6
- SHA256: 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
- SHA512: a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd
- SSDEEP: 24576:VkmZDEMHhp9v1Ikbn3ND0TNVOsIut8P4zmxvSZX0yplkA:mmZFHhp9v1Io3h0TN3pvkA
- Score: 1/10
Target: unicodedata.pyd
- Size: 1.1MB
- MD5: fc47b9e23ddf2c128e3569a622868dbe
- SHA1: 2814643b70847b496cbda990f6442d8ff4f0cb09
- SHA256: 2a50d629895a05b10a262acf333e7a4a31db5cb035b70d14d1a4be1c3e27d309
- SHA512: 7c08683820498fdff5f1703db4ad94ad15f2aa877d044eddc4b54d90e7dc162f48b22828cd577c9bb1b56f7c11f777f9785a9da1867bf8c0f2b6e75dc57c3f53
- SSDEEP: 12288:PrEHdcM6hb1CjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciA0:PrEXQCjfk7bPNfv42BN6yzUiA0
- Score: 1/10
MITRE ATT&CK Enterprise v15 (technique, sub-technique, number of matching signatures)

Persistence
- Account Manipulation (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Privilege Escalation
- Account Manipulation (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)

Discovery
- Browser Information Discovery (1)
- Network Service Discovery (1)
- Permission Groups Discovery (1)
  - Local Groups (1)
- Process Discovery (1)
- System Information Discovery (2)
- System Network Configuration Discovery (1)
  - Wi-Fi Discovery (1)
- System Network Connections Discovery (1)