General

  • Target

    Exter.zip.zip

  • Size

    10.7MB

  • Sample

    241028-x7cg8svgrh

  • MD5

    442da5b2f5fe9993fc51a04ed007ae98

  • SHA1

    cd42a3742c440876e3369de2941dca6d2b117831

  • SHA256

    7d2ee4573798cc0b2b62c606093455d88a24076b6d32034d238087fbd5971852

  • SHA512

    a7edae3327276bd53a4c9fb128a2dc028e370ae2df1968bd8d50cbb06c17deb7c2655d242924db84500cae80541b5833fef08a25616659d6935a31bc217a2971

  • SSDEEP

    196608:4Lo8QwrNP4IbaGRpcQGKpg3OYC030bWe1/pxgxAuIUJy0y6VLhUE8KaL:4MFwSshRuQb8OYC0kNfgmZSvLhUE8

Malware Config

Targets

    • Target

      Exter.exe

    • Size

      21.2MB

    • MD5

      e5a2fee622dc433b5648e97a25737cb5

    • SHA1

      de21e8cd63f043243805af8b28a5414442f36329

    • SHA256

      ded95299f780dfbdbafd1be5d02792fcfe9023372551e1ac35401928699dd8e1

    • SHA512

      9c54e25b0802c1eeac7499d027149638d454ae5bcb22f527f82e85d10d80c2b7167c7ef6903b29e96675f40aef1807600d01f6d1abc675d0eedc6da3919e0043

    • SSDEEP

      196608:m1UwyPA4mtSHeNvX+wfm/pf+xfdkR0ZWKsnarIWOzW0DaqkH:qUKvtSUvX+9/pWFGRiBsnarIWeRaDH

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempt to gather information on host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks