General

  • Target

    d39627a497bf5f7e89642ef14bb0134193bc12ad18a2eadddf305c4f8d69b0b8

  • Size

    10.7MB

  • Sample

    241028-xy2e1avhkk

  • MD5

    6b1eb54b0153066ddbe5595a58e40536

  • SHA1

    adf81c3104e5d62853fa82c2bd9b0a5becb4589a

  • SHA256

    d39627a497bf5f7e89642ef14bb0134193bc12ad18a2eadddf305c4f8d69b0b8

  • SHA512

    104faaa4085c9173274d4e0e468eaf75fb22c4cfe38226e4594e6aa0a1dcb148bde7e5e0756b664f14b680872d2476340ebd69fac883d8e99b20acfb5f5dbf04

  • SSDEEP

    196608:ys+j9q6y7PuZANM3FEAIVqUkzgPyzKM+1t02mY1q6vgC5xU7BlUdinrDRQF6f1:yNBly7PumMtgqUTKt2mYtvggGBa4nr1h

Malware Config

Targets

    • Target

      d39627a497bf5f7e89642ef14bb0134193bc12ad18a2eadddf305c4f8d69b0b8

    • Size

      10.7MB

    • MD5

      6b1eb54b0153066ddbe5595a58e40536

    • SHA1

      adf81c3104e5d62853fa82c2bd9b0a5becb4589a

    • SHA256

      d39627a497bf5f7e89642ef14bb0134193bc12ad18a2eadddf305c4f8d69b0b8

    • SHA512

      104faaa4085c9173274d4e0e468eaf75fb22c4cfe38226e4594e6aa0a1dcb148bde7e5e0756b664f14b680872d2476340ebd69fac883d8e99b20acfb5f5dbf04

    • SSDEEP

      196608:ys+j9q6y7PuZANM3FEAIVqUkzgPyzKM+1t02mY1q6vgC5xU7BlUdinrDRQF6f1:yNBly7PumMtgqUTKt2mYtvggGBa4nr1h

    • Detects Monster Stealer.

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

    • Exelastealer family

    • Monster

      Monster is a Golang stealer that was discovered in 2024.

    • Monster family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempt to gather information on host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks