General

  • Target

    19961176322.zip

  • Size

    10.9MB

  • Sample

    241115-tg24esxblb

  • MD5

    a39575a0f2ec542f16b42c42111a342d

  • SHA1

    96ea6c42f3dd0b18c0fa8f6a9d7ed780bde14b31

  • SHA256

    0da05a2b74ed0b0c6ba4bcc6b8d750b313861bac4e35eb0336b7cb538a0ae93d

  • SHA512

    b680606d377683e1d2274759fb7cfbfa1fbbbc1c6da6a8bacab1d6ccaab23fe65ab947c1f8fdfa6a75f81239507598bb560fa3c943ce00b7c114179c09476b87

  • SSDEEP

    196608:pZNR+Be+YIHtQfqX8rqw3iuaFuJgGsS8W0al98lswxkngkd1ADO+lS21YVWe64by:+0vINnsrqw3iuWueGsS8W0w8SwKng/lz

Malware Config

Targets

    • Target

      87f285bd4941a32b46d2eb58239900388e43341b41ffbdbdf90741729a926624

    • Size

      44.7MB

    • MD5

      0d6481bb8e6911209bb3724896c5364f

    • SHA1

      59948f5695075f1006b052a1d9a2bd4803c9e547

    • SHA256

      87f285bd4941a32b46d2eb58239900388e43341b41ffbdbdf90741729a926624

    • SHA512

      33c53531b2b00e0803ef7d0175ebabb563a3c637afa7e1749d58be088e3f0cacda4d23fb302c190bdd58d9fbcb55a72ca266d8e52a4b9371f0c511e23af96577

    • SSDEEP

      196608:Ph/vwVxqIA+bo8bJZVPpf+DOcCwtZVZKuG2QqSEseCbXF8OLWt2mCxO:J/vqoIAEbnVPMxCeTG2QnrbV8LCxO

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempt to gather information on host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks