Resubmissions

10-11-2024 18:35

241110-w8jr9s1rhw 10

04-11-2024 17:00

241104-vjdpaatfnj 10

03-11-2024 15:12

241103-slhpxazmen 10

General

  • Target

    ElectronV3.exe

  • Size

    37.8MB

  • Sample

    241104-vjdpaatfnj

  • MD5

    1cbe8585b431cf47c67d346873d73b86

  • SHA1

    411627116f8ad58fac2bcd805871d3eedaeea29b

  • SHA256

    0df18ecef55a3c251ee62a5c6253b82d7d970b5312a9f399a1731405b73a2793

  • SHA512

    733d1256d97298c87f17b814b6edcc29ff12832258e184126a8416cc6d3b241dca5caf15022e7b84e5b4465c2b587adbfd0128b3e4714127daa51ec6676bef7f

  • SSDEEP

    786432:JG0CL9iGLQyZFu8HkDC/UbUjfge+1y3GIwAZ5eiGg1iEc2dQ/7K4rv3FqbE:JG0CwG3q87/EU41qVjGg1i/uQ/GUqbE

Malware Config

Targets


    • Exela Stealer

      Exela Stealer is an open-source infostealer, first observed in August 2023, that was originally written in .NET and later rewritten in Python.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target data stored by web browsers, such as saved credentials.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
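The process-level signatures above (net.exe privilege changes, firewall modification, tasklist enumeration, hidden-file marking, network discovery, external IP lookup) can be checked against host telemetry rather than only read off the sandbox report. The script below is an added example, not code from the Triage report or from Exela Stealer: the events are constructed Sysmon-style records, not a capture from this sample, and the command-line patterns (for instance `net localgroup ... /add`, `netsh advfirewall`, the ipify/ip-api hostnames) are this example's assumptions about how each signature shows up, since the report does not quote the sample's command lines. The file- and API-level signatures (browser data reads, clipboard access, dropped DLL loads) need file-access or API telemetry and are not covered here.

```python
"""Flag the report's process/network signatures in Sysmon-style telemetry.

Added example, not code from the Triage report or from Exela Stealer.
Rule names mirror the report's signature names; the match patterns and
the events are this example's own assumptions/constructed data.
"""
import re
from typing import Dict, List

# Constructed telemetry (trimmed Sysmon Event ID 1 / 22 fields). Not a real
# capture: the command lines are plausible, not taken from the sample.
EVENTS: List[Dict[str, str]] = [
    {"type": "process", "ParentImage": r"C:\Users\u\Desktop\ElectronV3.exe",
     "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net localgroup administrators u /add"},
    {"type": "process", "ParentImage": r"C:\Users\u\Desktop\ElectronV3.exe",
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh advfirewall set allprofiles state off"},
    {"type": "process", "ParentImage": r"C:\Users\u\Desktop\ElectronV3.exe",
     "Image": r"C:\Windows\System32\tasklist.exe",
     "CommandLine": "tasklist /v"},
    {"type": "process", "ParentImage": r"C:\Users\u\Desktop\ElectronV3.exe",
     "Image": r"C:\Windows\System32\attrib.exe",
     "CommandLine": r'attrib +h +s "C:\Users\u\AppData\Local\Temp\out"'},
    {"type": "process", "ParentImage": r"C:\Users\u\Desktop\ElectronV3.exe",
     "Image": r"C:\Windows\System32\NETSTAT.EXE",
     "CommandLine": "netstat -ano"},
    {"type": "dns", "Image": r"C:\Users\u\Desktop\ElectronV3.exe",
     "QueryName": "api.ipify.org"},
    # Benign noise that must not fire.
    {"type": "process", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
    {"type": "dns", "Image": r"C:\Windows\System32\svchost.exe",
     "QueryName": "ctldl.windowsupdate.com"},
]

# Signature name -> (image basename regex, command-line regex). An empty
# command-line regex means "any command line". Patterns are assumptions.
RULES: Dict[str, tuple] = {
    "Grants admin privileges": (r"^net1?\.exe$", r"\b(localgroup|user)\b.*/add"),
    "Modifies Windows Firewall": (r"^netsh\.exe$", r"\b(adv)?firewall\b"),
    "Enumerates processes with tasklist": (r"^tasklist\.exe$", r""),
    "Hide Artifacts: Hidden Files and Directories": (r"^attrib\.exe$", r"\+[hs]"),
    "Network Service Discovery": (r"^(netstat|arp|ipconfig|nbtstat)\.exe$", r""),
}

# Public IP-lookup services often contacted by stealers (assumed list; the
# report does not say which service this sample used).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ifconfig.me",
                   "ipinfo.io", "icanhazip.com"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def match_process(event: Dict[str, str]) -> List[str]:
    """Signature names fired by one process-creation event."""
    image = basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    return [name for name, (img_re, cmd_re) in RULES.items()
            if re.match(img_re, image) and re.search(cmd_re, cmd, re.IGNORECASE)]


def match_dns(event: Dict[str, str]) -> List[str]:
    """Signature names fired by one DNS-query event."""
    if event.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
        return ["Looks up external IP address via web service"]
    return []


def scan(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {signature: [evidence, ...]} over the whole event stream."""
    report: Dict[str, List[str]] = {}
    for ev in events:
        if ev["type"] == "process":
            hits, evidence = match_process(ev), ev["CommandLine"]
        else:
            hits, evidence = match_dns(ev), ev["QueryName"]
        for name in hits:
            report.setdefault(name, []).append(evidence)
    return report


def triage_verdict(report: Dict[str, List[str]], threshold: int = 3) -> str:
    """Crude escalation rule: distinct signatures fired >= threshold."""
    return "escalate" if len(report) >= threshold else "review"


if __name__ == "__main__":
    found = scan(EVENTS)
    for name, evidence in found.items():
        print(f"{name}: {evidence}")
    print("verdict:", triage_verdict(found))
```

Each of these commands is also legitimate administrative activity on its own; what makes the set suspicious is the parent (an unsigned desktop executable) and the combination, so in production the rules should be scoped to the process tree under the sample rather than run over the whole host.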
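The "UPX packed file" signature matches both stock UPX and modified builds. Stock UPX is easy to spot from the section table (sections named UPX0/UPX1 and a "UPX!" magic string), but a modified packer can rename the sections and strip the magic, leaving only the layout: a first section with zero raw size and a large virtual size that the unpacking stub fills at run time. The parser below is an added example, not code from the Triage report or any packer; the PE images it inspects are constructed in-line (minimal headers only, no code), and the "upx-like-layout" heuristic is this example's assumption, not a documented detector.

```python
"""Classify a PE file as stock UPX, modified UPX, UPX-like layout, or none.

Added example, not code from the Triage report. Reads only the DOS/COFF
headers and the section table; the sample images below are constructed.
"""
import struct
import sys
from typing import List, NamedTuple


class Section(NamedTuple):
    name: str
    virtual_size: int
    raw_size: int


def pe_sections(data: bytes) -> List[Section]:
    """Parse the section table of a PE image (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", data, e_lfanew + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                            # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append(Section(name.split(b"\0", 1)[0].decode("ascii", "replace"),
                                vsize, rsize))
    return sections


def upx_verdict(data: bytes) -> str:
    """'upx', 'upx-modified', 'upx-like-layout' or 'none'."""
    secs = pe_sections(data)
    if any(s.name.upper().startswith("UPX") for s in secs):
        return "upx"                      # stock section names UPX0/UPX1
    if b"UPX!" in data:
        return "upx-modified"             # sections renamed, magic left behind
    # Assumed heuristic: UPX0 has no raw data but a large virtual size
    # (it is the unpacked image's address space), followed by the packed
    # section. A renamed build keeps this shape.
    if len(secs) >= 2 and secs[0].raw_size == 0 and secs[0].virtual_size >= 0x1000:
        return "upx-like-layout"
    return "none"


def build_pe(sections, extra: bytes = b"") -> bytes:
    """Construct a minimal PE32 header + section table for testing.

    sections: list of (name, virtual_size, raw_size). No code is emitted.
    """
    e_lfanew, opt_size = 0x80, 0xE0
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + b"\0" * (opt_size - 2)                  # PE32 magic, rest zero
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                                 v, 0, r, 0, 0, 0, 0, 0, 0) for n, v, r in sections)
    return dos + b"PE\0\0" + coff + opt + table + extra


# Constructed test images (headers only), not derived from the sample.
SAMPLE_UPX = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x8000),
                       (".rsrc", 0x1000, 0x1000)], extra=b"\0" * 8 + b"UPX!")
SAMPLE_MODIFIED = build_pe([(".text0", 0x20000, 0), (".text1", 0x8000, 0x8000)],
                           extra=b"\0" * 8 + b"UPX!")
SAMPLE_RENAMED = build_pe([("a", 0x20000, 0), ("b", 0x8000, 0x8000)])
SAMPLE_CLEAN = build_pe([(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)])


if __name__ == "__main__":
    if len(sys.argv) > 1:                 # usage: python upx_check.py file.exe
        with open(sys.argv[1], "rb") as f:
            print(upx_verdict(f.read()))
    else:
        for label, img in [("upx", SAMPLE_UPX), ("modified", SAMPLE_MODIFIED),
                           ("renamed", SAMPLE_RENAMED), ("clean", SAMPLE_CLEAN)]:
            print(label, "->", upx_verdict(img))
```

Treat "upx-like-layout" as a lead, not a verdict: other packers and some self-extracting stubs use the same empty-first-section shape, and a packer that writes the stub into a normally sized first section will not match at all. The real check is to unpack or dump the image at run time and compare the recovered payload against the file on disk.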

MITRE ATT&CK Enterprise v15

Tasks