General

  • Target

    ElectronV3.zip

  • Size

    37.5MB

  • Sample

    241102-mxwg9a1qdt

  • MD5

    a617668db25d48ad88cd32570ee28a03

  • SHA1

    8c2f35f5c508923f7c4e75ada7fb595b184b512c

  • SHA256

    4b06ec6ebe8bf2c37a99083e8d8f592a99572a4691aad07b22ef16d43de8494f

  • SHA512

    c3b43c2ece69f4e32024a0ec17ab3f6aed13315f1f46638d2b46faf7bee826d6c7b347820fc175ba3d2446214265ed4be46a08f6c4895a7a4dac2f8dee2f4779

  • SSDEEP

    786432:mTyXHeI/4x5x1JhA8WOwHHWydr8hDAF/Cjw+yAVAvogkrfzoP5A5k:mTOHeImnJHzmxdr8htjEsAgNoP50k

Malware Config

Targets

    • Target

      ElectronV3/ElectronV3.exe

    • Size

      37.8MB

    • MD5

      8fe4c19f89235c08d6676afba340c5b4

    • SHA1

      198d1576fa13ba1147b0ccf01e4aba9886ae44e3

    • SHA256

      9372ae0dcd737e61bfa791161ece3728963129c707fe7af5cc710be56c459b79

    • SHA512

      8e17449cf72c3dea91a5ebac6e477291d63a0341bd673fb0453c8271dc913a34dfaa87143b806e66eb704778890f187416f88615768b6df9f184955d77b584d8

    • SSDEEP

      786432:WCXvCOtmPf155bG8YCQDf4ejpmFBa3feLeKyQh/7K4rv3Fqbd:WAvCOUX5LdSrjpmFTLEw/GUqbd

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempt to gather information on host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks