General
- Target: mac.exe
- Size: 11.6MB
- Sample: 241201-yy5cbsvpdq
- MD5: 5e4af59b15f707006f96e6472a176f65
- SHA1: fcef247cc530ec493f207fce18b416e1c9b7e03c
- SHA256: abbc5d4d36cf8606190e7af53b7360eea48eb698027838235acf6b15b006437a
- SHA512: f35b1d71bc8669c37665653beb522a93d7b287199abb30c6e63c75a90516884ab38a54524e6afbb8581f1d19a7522c455d8cfc02d6810539fd03d2cddc781c28
- SSDEEP: 196608:xhDGKA9ivNm1E8giq1g9mveNK+wfm/pf+xfdjSEqREKi7dU/itOpcQK/iJMMu/:bI9i1m1NqaK+9/pWF8NREKsdUat1Viyx
Behavioral task: behavioral1
- Sample: mac.exe
- Resource: win10ltsc2021-20241023-en

Behavioral task: behavioral2
- Sample: Stub.pyc
- Resource: win10ltsc2021-20241023-en
Malware Config

Targets

Target: mac.exe
- Size: 11.6MB
- MD5: 5e4af59b15f707006f96e6472a176f65
- SHA1: fcef247cc530ec493f207fce18b416e1c9b7e03c
- SHA256: abbc5d4d36cf8606190e7af53b7360eea48eb698027838235acf6b15b006437a
- SHA512: f35b1d71bc8669c37665653beb522a93d7b287199abb30c6e63c75a90516884ab38a54524e6afbb8581f1d19a7522c455d8cfc02d6810539fd03d2cddc781c28
- SSDEEP: 196608:xhDGKA9ivNm1E8giq1g9mveNK+wfm/pf+xfdjSEqREKi7dU/itOpcQK/iJMMu/:bI9i1m1NqaK+9/pWF8NREKsdUat1Viyx

Signatures:
- Exela Stealer: Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
- Exelastealer family
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories

Target: Stub.pyc
- Size: 874KB
- MD5: 4cd2452629ebb216dbfa55d524ee425f
- SHA1: a4ac8693e7e57d60e86cde72a24d94f2c3dd080a
- SHA256: 745e565004a23e189e3b47d5fc5cfd48e750dad667d1b32d47181edeed97d8b7
- SHA512: a38631789892c5463660a4cc921b6a86d17a7c5c20d79b62bd4e8055bc61345477d0f9116612a818d036c971a4066e94af334719625c59168c72b914de6882b9
- SSDEEP: 12288:lRb+1ArAtA+OmBPSRQNYROCxVaZ/M/lu1lICNhZ+fxOPImX5A4FFBONXNrGN:T4ArAtAGBPSRQNYiE/wsxcsA5
- Score: 3/10
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)

Persistence
- Account Manipulation (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)

Privilege Escalation
- Account Manipulation (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)

Defense Evasion
- Hide Artifacts (2): Hidden Files and Directories (2)
- Impair Defenses (1): Disable or Modify System Firewall (1)

Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)

Discovery
- Browser Information Discovery (1)
- Network Service Discovery (1)
- Permission Groups Discovery (1): Local Groups (1)
- Process Discovery (1)
- System Information Discovery (3)
- System Network Configuration Discovery (1): Wi-Fi Discovery (1)
- System Network Connections Discovery (1)