General

  • Target

    Waltuhium.exe

  • Size

    11.1MB

  • Sample

    241109-xbqd8azdmg

  • MD5

    1367126f6694188447c383594bd1341d

  • SHA1

    118660944b0cc7a0352c9749f359b10e106e0724

  • SHA256

    0fbad2885a4929b5dcf00028824c22b7dd8e276d13a1c8c341445f47852004ae

  • SHA512

    486379c7993161213de3ccdc4694d21b4b69879babd1f92ad9a4274f1934fbec36ade3386360c86baade860183bd32bceffa0ffe76cff4175893494c57a3de7a

  • SSDEEP

    196608:kR8JpjDDIK63UtauZijdDfyGg3wBdnpkYRM+82KiuW:163huc5DfDg3c692q

Malware Config

Targets

    • Target

      Waltuhium.exe

    • Exela Stealer

      Exela Stealer is an open-source information stealer, first observed in August 2023, originally written in .NET and later rewritten in Python.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories
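
    The signatures above describe host behaviour that leaves process-creation telemetry (net.exe, netsh.exe, tasklist.exe, attrib.exe spawned by the stealer). The following is an added example, not code from this report or from the Exela project, of how a detection engineer might express those behaviours as rules over Sysmon Event ID 1-style records and correlate them by parent process. The event records, command lines and file paths are constructed for the example and are not command lines recovered from this sample; the ATT&CK technique IDs are the standard mappings for each behaviour, not values taken from the report.

```python
import re
from collections import defaultdict

# Constructed process-creation events in a Sysmon Event ID 1 shape.
# These are illustrative, NOT telemetry recovered from the Waltuhium.exe sample;
# the Waltuhium.exe parent path is a hypothetical drop location.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Users\victim\Downloads\Waltuhium.exe",
     "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net localgroup administrators victim /add"},
    {"ParentImage": r"C:\Users\victim\Downloads\Waltuhium.exe",
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh advfirewall set allprofiles state off"},
    {"ParentImage": r"C:\Users\victim\Downloads\Waltuhium.exe",
     "Image": r"C:\Windows\System32\tasklist.exe",
     "CommandLine": "tasklist /fo csv /nh"},
    {"ParentImage": r"C:\Users\victim\Downloads\Waltuhium.exe",
     "Image": r"C:\Windows\System32\attrib.exe",
     "CommandLine": r'attrib +h +s "C:\Users\victim\AppData\Local\Temp\stage"'},
    # Benign: an administrator listing processes from an interactive shell.
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\tasklist.exe",
     "CommandLine": "tasklist"},
    # Benign: net.exe used for something other than group manipulation.
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net use"},
]

# (signature name as the sandbox reports it, ATT&CK technique, image regex, command-line regex)
RULES = [
    ("Grants admin privileges", "T1098",
     r"\\net1?\.exe$", r"localgroup\s+administrators\b.*\s/add\b"),
    ("Modifies Windows Firewall", "T1562.004",
     r"\\netsh\.exe$", r"\badvfirewall\b"),
    ("Enumerates processes with tasklist", "T1057",
     r"\\tasklist\.exe$", r"."),   # any invocation: noisy alone, useful in correlation
    ("Hide Artifacts: Hidden Files and Directories", "T1564.001",
     r"\\attrib\.exe$", r"\+[hs]\b"),
]


def match_rules(event):
    """Return the (name, technique) pairs whose image and command-line patterns both match."""
    hits = []
    for name, technique, image_re, cmd_re in RULES:
        if (re.search(image_re, event["Image"], re.IGNORECASE)
                and re.search(cmd_re, event["CommandLine"], re.IGNORECASE)):
            hits.append((name, technique))
    return hits


def scan(events):
    """Per-event hits as (event index, signature name, technique)."""
    return [(i, name, technique)
            for i, ev in enumerate(events)
            for name, technique in match_rules(ev)]


def correlate(events, min_distinct=2):
    """Group hits by parent process.

    A single tasklist or net.exe execution is routine; a parent that spawns
    at least `min_distinct` different techniques is what distinguishes a
    stealer's setup sequence from ordinary administration.
    """
    by_parent = defaultdict(set)
    for i, _name, technique in scan(events):
        by_parent[events[i]["ParentImage"]].add(technique)
    return {parent: sorted(techs)
            for parent, techs in by_parent.items()
            if len(techs) >= min_distinct}


if __name__ == "__main__":
    for i, name, technique in scan(SAMPLE_EVENTS):
        print(f"event {i}: {technique} {name}")
    for parent, techs in correlate(SAMPLE_EVENTS).items():
        print(f"suspicious parent {parent}: {', '.join(techs)}")
```

    The tasklist rule deliberately matches every invocation; on its own it would page an analyst for every administrator who lists processes, which is why the verdict is only raised in correlate() when one parent exhibits several of the listed behaviours.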

MITRE ATT&CK Enterprise v15

Tasks