General

  • Target

    mac.exe

  • Size

    11.6MB

  • Sample

    241201-yy5cbsvpdq

  • MD5

    5e4af59b15f707006f96e6472a176f65

  • SHA1

    fcef247cc530ec493f207fce18b416e1c9b7e03c

  • SHA256

    abbc5d4d36cf8606190e7af53b7360eea48eb698027838235acf6b15b006437a

  • SHA512

    f35b1d71bc8669c37665653beb522a93d7b287199abb30c6e63c75a90516884ab38a54524e6afbb8581f1d19a7522c455d8cfc02d6810539fd03d2cddc781c28

  • SSDEEP

    196608:xhDGKA9ivNm1E8giq1g9mveNK+wfm/pf+xfdjSEqREKi7dU/itOpcQK/iJMMu/:bI9i1m1NqaK+9/pWF8NREKsdUat1Viyx

Malware Config

Targets

    • Target

      mac.exe

    • Size

      11.6MB

    • MD5

      5e4af59b15f707006f96e6472a176f65

    • SHA1

      fcef247cc530ec493f207fce18b416e1c9b7e03c

    • SHA256

      abbc5d4d36cf8606190e7af53b7360eea48eb698027838235acf6b15b006437a

    • SHA512

      f35b1d71bc8669c37665653beb522a93d7b287199abb30c6e63c75a90516884ab38a54524e6afbb8581f1d19a7522c455d8cfc02d6810539fd03d2cddc781c28

    • SSDEEP

      196608:xhDGKA9ivNm1E8giq1g9mveNK+wfm/pf+xfdjSEqREKi7dU/itOpcQK/iJMMu/:bI9i1m1NqaK+9/pWF8NREKsdUat1Viyx

    • Exela Stealer

      Exela Stealer is an open-source stealer, first observed in August 2023, that was originally written in .NET and later ported to Python.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Target

      Stub.pyc

    • Size

      874KB

    • MD5

      4cd2452629ebb216dbfa55d524ee425f

    • SHA1

      a4ac8693e7e57d60e86cde72a24d94f2c3dd080a

    • SHA256

      745e565004a23e189e3b47d5fc5cfd48e750dad667d1b32d47181edeed97d8b7

    • SHA512

      a38631789892c5463660a4cc921b6a86d17a7c5c20d79b62bd4e8055bc61345477d0f9116612a818d036c971a4066e94af334719625c59168c72b914de6882b9

    • SSDEEP

      12288:lRb+1ArAtA+OmBPSRQNYROCxVaZ/M/lu1lICNhZ+fxOPImX5A4FFBONXNrGN:T4ArAtAGBPSRQNYiE/wsxcsA5

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks