General

  • Target

    Sniper 17.11.24.zip

  • Size

    10.6MB

  • Sample

    241205-1yrscazrbr

  • MD5

    f4454a41224ffdcd7d8d28d9cd64262d

  • SHA1

    8113c7d91272ea7e44b8b6c7d33cb2ed0c3bd24a

  • SHA256

    516f36909316473913107bf8a3672e6586e5091eff66a3f9d698817f626b8a8f

  • SHA512

    c71f6941da71eb6d2dde9b53ce0d808c46faf9fd08e7518f0430360fd3b33abd0ba242b5e6d6f2f707618bf2e6bbae4cda75ebb3cd4420a278213b36f6973977

  • SSDEEP

    196608:I3SJBZNBa35DGP3Iq/AOOPCz3XtXg9WhyaxKjTbl1k+fuEiYSkzs:lTa35DCn/nOqz3XW+Z4jlRAkzs

Malware Config

Targets

    • Target

      Sniper 17.11.24/Roblox Sniper/snipemania.exe

    • Size

      10.8MB

    • MD5

      77ae59ba29b4f49eb0e79f5cee225ddf

    • SHA1

      b6b8f720cb86be6ce9c8f866be783b44f6fbfb26

    • SHA256

      f6e9058833929bb527520291381b258da8cae37db65cdecd95d06971b93daa9a

    • SHA512

      eb08371ba4b060f4d03337d1611d999947137a5a6bedef1bee1548e013bf796c44aa4b1cb06594afc44b787135745ba22b66ad26c604dffd6a9cd523dfd6781f

    • SSDEEP

      196608:8UXm51flz2Jp5UfLuiB6yavnlPzf+JiJCsVMvHTynKFDhSiJSamx:eh2Jp5MlBRavnlPSa7WvuexXmx

    • Exela Stealer

      Exela Stealer is an open-source stealer, first observed in August 2023, that was originally written in .NET and later rewritten in Python.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Target

      Stub.pyc

    • Size

      874KB

    • MD5

      ea37db674a41c8a28e749a1f00b9db19

    • SHA1

      99406bbef813c86d75175c94d2dfe7e844d71e35

    • SHA256

      f761c2ef168baef90d72aa42657e3d7475ad633fd698fa4ff6c2e1f2d3b5b030

    • SHA512

      6bdadb323dd19744f5885a38b24d272a40cef249313138155cca63904123b13bc7d876d530e118b54bdb312669b623d72e86c5c19780413136abe9bac692e626

    • SSDEEP

      12288:K3LGlJDl/8c25sfdiO3bm9qd07OY0bgrSA73xWcvw40pV6M3qsbWo:25b54sL940MgGALxEV67sbWo

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks