General
Target: Sniper 17.11.24.zip
Size: 10.6MB
Sample: 241205-1yrscazrbr
MD5: f4454a41224ffdcd7d8d28d9cd64262d
SHA1: 8113c7d91272ea7e44b8b6c7d33cb2ed0c3bd24a
SHA256: 516f36909316473913107bf8a3672e6586e5091eff66a3f9d698817f626b8a8f
SHA512: c71f6941da71eb6d2dde9b53ce0d808c46faf9fd08e7518f0430360fd3b33abd0ba242b5e6d6f2f707618bf2e6bbae4cda75ebb3cd4420a278213b36f6973977
SSDEEP: 196608:I3SJBZNBa35DGP3Iq/AOOPCz3XtXg9WhyaxKjTbl1k+fuEiYSkzs:lTa35DCn/nOqz3XW+Z4jlRAkzs
Behavioral task: behavioral1
Sample: Sniper 17.11.24/Roblox Sniper/snipemania.exe
Resource: win11-20241007-en

Behavioral task: behavioral2
Sample: Stub.pyc
Resource: win11-20241007-en
Malware Config

Targets
Target: Sniper 17.11.24/Roblox Sniper/snipemania.exe
Size: 10.8MB
MD5: 77ae59ba29b4f49eb0e79f5cee225ddf
SHA1: b6b8f720cb86be6ce9c8f866be783b44f6fbfb26
SHA256: f6e9058833929bb527520291381b258da8cae37db65cdecd95d06971b93daa9a
SHA512: eb08371ba4b060f4d03337d1611d999947137a5a6bedef1bee1548e013bf796c44aa4b1cb06594afc44b787135745ba22b66ad26c604dffd6a9cd523dfd6781f
SSDEEP: 196608:8UXm51flz2Jp5UfLuiB6yavnlPzf+JiJCsVMvHTynKFDhSiJSamx:eh2Jp5MlBRavnlPSa7WvuexXmx
Exela Stealer
    Exela Stealer is an open-source stealer, originally written in .NET and later ported to Python, that was first observed in August 2023.
Exelastealer family
Grants admin privileges
    Uses net.exe to modify the user's privileges.
Modifies Windows Firewall
Clipboard Data
    Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Enumerates processes with tasklist
Hide Artifacts: Hidden Files and Directories

Target: Stub.pyc
Size: 874KB
MD5: ea37db674a41c8a28e749a1f00b9db19
SHA1: 99406bbef813c86d75175c94d2dfe7e844d71e35
SHA256: f761c2ef168baef90d72aa42657e3d7475ad633fd698fa4ff6c2e1f2d3b5b030
SHA512: 6bdadb323dd19744f5885a38b24d272a40cef249313138155cca63904123b13bc7d876d530e118b54bdb312669b623d72e86c5c19780413136abe9bac692e626
SSDEEP: 12288:K3LGlJDl/8c25sfdiO3bm9qd07OY0bgrSA73xWcvw40pV6M3qsbWo:25b54sL940MgGALxEV67sbWo
Score: 3/10
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Persistence
    Account Manipulation (1)
    Create or Modify System Process (1)
        Windows Service (1)
    Event Triggered Execution (1)
        Netsh Helper DLL (1)
Privilege Escalation
    Account Manipulation (1)
    Create or Modify System Process (1)
        Windows Service (1)
    Event Triggered Execution (1)
        Netsh Helper DLL (1)
Defense Evasion
    Hide Artifacts (2)
        Hidden Files and Directories (2)
    Impair Defenses (1)
        Disable or Modify System Firewall (1)
Credential Access
    Credentials from Password Stores (1)
        Credentials from Web Browsers (1)
    Unsecured Credentials (1)
        Credentials In Files (1)
Discovery
    Browser Information Discovery (1)
    Network Service Discovery (1)
    Permission Groups Discovery (1)
        Local Groups (1)
    Process Discovery (1)
    System Information Discovery (4)
    System Network Configuration Discovery (1)
        Wi-Fi Discovery (1)
    System Network Connections Discovery (1)