General
-
Target
JJS Private.exe
-
Size
38.5MB
-
Sample
241031-l5v11swemc
-
MD5
614daaa56de42eda32fb82e869e9ac31
-
SHA1
6e0969d1668a6c1e200f4d02066d074a8ab0e889
-
SHA256
9b45bd6f93817b2140fbfcd28e85bbb910d473432bfc1acee2566a335de0e22f
-
SHA512
5c8f38af08e1f33b74fa872e3300b7a66b801c4c1fe9c3b876298030987ac833da037e4d2a54d5a2341a4d392c743c26fabe8691ef9bd94227f429ad941ca549
-
SSDEEP
786432:XnR0nhLp698hEn1n60JVIh9LxtjsvPxSyw8/zt5lM2CB8kU:3OhLpWjn9JOh93sc+/ztL
Malware Config
Targets
-
-
Target
JJS Private.exe
-
Size
38.5MB
-
MD5
614daaa56de42eda32fb82e869e9ac31
-
SHA1
6e0969d1668a6c1e200f4d02066d074a8ab0e889
-
SHA256
9b45bd6f93817b2140fbfcd28e85bbb910d473432bfc1acee2566a335de0e22f
-
SHA512
5c8f38af08e1f33b74fa872e3300b7a66b801c4c1fe9c3b876298030987ac833da037e4d2a54d5a2341a4d392c743c26fabe8691ef9bd94227f429ad941ca549
-
SSDEEP
786432:XnR0nhLp698hEn1n60JVIh9LxtjsvPxSyw8/zt5lM2CB8kU:3OhLpWjn9JOh93sc+/ztL
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Exelastealer family
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Network Service Discovery
Attempt to gather information on host's network.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify System Firewall
1