General

  • Target

    Hellion.exe

  • Size

    39.2MB

  • Sample

    241120-s4h4dsycmf

  • MD5

    7c8b836cc2e24a14994390ecfc23ab60

  • SHA1

    ae07a2cfa281c3e597ca309fd1fc9ac0990490d8

  • SHA256

    53d4b1bdf55b84b9dc09963fbf8c25d2d8164dba5130d136a96c02dc548eb79f

  • SHA512

    da57ecf50fa02aeba119981e7ff6ec8d9efad9633192898db6caa2a3f57037edbc5165c7bfb3664c98dacd262ed207cf5a151997e1bd119ddefdbf9ce5e7377d

  • SSDEEP

    786432:w1mgeOt2n0c009m7azBnwpF7zWAwpnut5n:w1oZn0c009S8exWA35n
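To confirm that a file you are holding is this sample, compare its digests with the ones listed above. The block below is an added example, not code from the sandbox that produced this report; the hash values are copied from the report, everything else (function names, the single-pass hashing) is the editor's own. SSDEEP is not covered because the standard library has no fuzzy-hash implementation.

```python
"""Verify a file on disk against the hashes given in this report.

Added example, not part of the sandbox page. REPORT_HASHES is copied from the
report; the hashing helpers are the editor's own.
"""
import hashlib
import io

# Digests as listed in the report (lowercase hex).
REPORT_HASHES = {
    "md5": "7c8b836cc2e24a14994390ecfc23ab60",
    "sha1": "ae07a2cfa281c3e597ca309fd1fc9ac0990490d8",
    "sha256": "53d4b1bdf55b84b9dc09963fbf8c25d2d8164dba5130d136a96c02dc548eb79f",
    "sha512": "da57ecf50fa02aeba119981e7ff6ec8d9efad9633192898db6caa2a3f57037ed"
              "bc5165c7bfb3664c98dacd262ed207cf5a151997e1bd119ddefdbf9ce5e7377d",
}


def hash_stream(fileobj, algorithms=("md5", "sha1", "sha256", "sha512"), chunk=1 << 20):
    """Feed every digest from one pass over the data.

    The sample is 39 MB; reading it once per algorithm is wasteful, so all
    hashers are updated from the same 1 MiB chunk.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        block = fileobj.read(chunk)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path):
    """Digest a file on disk (opened in binary mode, never text mode)."""
    with open(path, "rb") as f:
        return hash_stream(f)


def hash_bytes(data):
    """Digest an in-memory buffer; convenient for tests and small artefacts."""
    return hash_stream(io.BytesIO(data))


def verify(observed, expected=REPORT_HASHES):
    """Return {algorithm: matched} for every algorithm present in both dicts.

    Comparison is case-insensitive because hash listings are often copied in
    mixed case. Any single False means the file is not the reported sample.
    """
    return {
        name: observed[name].lower() == expected[name].lower()
        for name in expected
        if name in observed
    }


if __name__ == "__main__":
    import sys

    digests = hash_file(sys.argv[1])
    for algo, ok in verify(digests).items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}  {digests[algo]}")
```

Run it as `python verify_sample.py Hellion.exe`; a single MISMATCH line is enough to say the file is not the sample analysed here, even if other digests happen to agree.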

Targets

    • Target

      Hellion.exe

    • Exela Stealer

      Exela Stealer is an open-source information stealer, originally written in .NET and later rewritten in Python, first observed in August 2023.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to change the user's group membership and thereby their privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories
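Several of the signatures above (admin-group change via net.exe, firewall modification, tasklist enumeration, hidden-attribute tampering, external IP lookup) are visible in ordinary process-creation and network telemetry. The block below is an added example by the editor, not code from the sandbox or from the Exela project: it runs simple rules over constructed events and attributes each hit to the sample by parent process. The event lines are made up for illustration, and the ATT&CK technique IDs are the editor's mapping, since the report only names the signatures.

```python
"""Match process-creation and network events against the behaviours this
report lists, and attribute hits to the sample by parent process.

Added example, not sandbox code. SAMPLE_EVENTS are constructed; the ATT&CK
IDs are the editor's mapping, not taken from the report.
"""
import re
from collections import defaultdict

# Constructed telemetry: each event is either a process start (image, command
# line, parent image) or a network connection (image that connected, dest host).
SAMPLE_EVENTS = [
    {"kind": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\victim\Desktop\Hellion.exe", "cmdline": "Hellion.exe"},
    {"kind": "process", "parent": r"C:\Users\victim\Desktop\Hellion.exe",
     "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net localgroup administrators victim /add"},
    {"kind": "process", "parent": r"C:\Users\victim\Desktop\Hellion.exe",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="svc" dir=in action=allow '
                r'program="C:\Users\victim\AppData\Local\Temp\Hellion.exe"'},
    {"kind": "process", "parent": r"C:\Users\victim\Desktop\Hellion.exe",
     "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /fo csv"},
    {"kind": "process", "parent": r"C:\Users\victim\Desktop\Hellion.exe",
     "image": r"C:\Windows\System32\attrib.exe",
     "cmdline": r"attrib +h +s C:\Users\victim\AppData\Local\Temp\payload"},
    {"kind": "process", "parent": r"C:\Windows\System32\services.exe",   # benign noise
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"kind": "network", "parent": None,
     "image": r"C:\Users\victim\Desktop\Hellion.exe", "dest": "api.ipify.org"},
    {"kind": "network", "parent": None,                                 # benign noise
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest": "www.example.com"},
]

# One rule per signature: image basename to match, regex over the command line
# (process) or destination host (network), and the editor's ATT&CK mapping.
RULES = [
    {"sig": "Grants admin privileges", "kind": "process", "image": r"net1?\.exe",
     "pattern": r"localgroup\s+administrators\s+\S+\s+/add", "technique": "T1098"},
    {"sig": "Modifies Windows Firewall", "kind": "process", "image": r"netsh\.exe",
     "pattern": r"advfirewall\s+(firewall\s+)?(add|set|delete)", "technique": "T1562.004"},
    {"sig": "Enumerates processes with tasklist", "kind": "process",
     "image": r"tasklist\.exe", "pattern": r".*", "technique": "T1057"},
    {"sig": "Hide Artifacts: Hidden Files and Directories", "kind": "process",
     "image": r"attrib\.exe", "pattern": r"\+h\b", "technique": "T1564.001"},
    {"sig": "Looks up external IP address via web service", "kind": "network",
     "image": None, "pattern": r"^(api\.ipify\.org|ip-api\.com|ipinfo\.io|icanhazip\.com)$",
     "technique": "T1016"},
]


def basename(path):
    """Lower-cased final path component, tolerant of either slash style."""
    return (path or "").replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_events(events, rules=RULES):
    """Return {signature: [(technique, event_index), ...]} for every rule that fires."""
    hits = defaultdict(list)
    for idx, ev in enumerate(events):
        for rule in rules:
            if rule["kind"] != ev["kind"]:
                continue
            if rule["kind"] == "process":
                if not re.fullmatch(rule["image"], basename(ev["image"]), re.I):
                    continue
                subject = ev["cmdline"]
            else:
                subject = ev["dest"]
            if re.search(rule["pattern"], subject, re.I):
                hits[rule["sig"]].append((rule["technique"], idx))
    return dict(hits)


def attributed_to(events, hits, sample_name):
    """Signatures whose triggering event was the sample itself or a direct child of it."""
    sample = sample_name.lower()
    out = set()
    for sig, matches in hits.items():
        for _technique, idx in matches:
            ev = events[idx]
            if basename(ev["image"]) == sample or basename(ev["parent"]) == sample:
                out.add(sig)
    return out


if __name__ == "__main__":
    found = match_events(SAMPLE_EVENTS)
    linked = attributed_to(SAMPLE_EVENTS, found, "Hellion.exe")
    for sig, matches in found.items():
        tag = "sample" if sig in linked else "unattributed"
        print(f"[{tag}] {sig}: {matches}")
```

Only direct children are attributed here; real telemetry needs the full process tree (a `cmd.exe /c net ...` hop would otherwise hide the link), and the `tasklist` rule fires on any invocation, so it is only meaningful when the parent is already suspicious.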

MITRE ATT&CK Enterprise v15
