Overview

overview

10

Static

static

3

VixenClean...er.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VixenCleaner.zip

  • Size

    38.2MB

  • Sample

    241205-d5fx4awrd1

  • MD5

    506bc9d5ea24c33aef9d69c817a7d208

  • SHA1

    5df5431e0a8a3cd029fe259426d7bea8426ff5f6

  • SHA256

    c042f9f10282a56921d986c967f00099cfa5f7c1ddcd4f87e94a057709ad74a3

  • SHA512

    05b2698b1ac2dd1070a715848ad17873b9ff0af5528cdbc79eb14e54298a54b81947346cfb7c2df0b4877fbc7907fe1664d339b078969073114450599ece1395

  • SSDEEP

    786432:O5Ty9ABd9MWE+xlqlUUM1aNd0/p9ueKkXOg0x6wRpngUTbsUqhyeSIkh:O5Ty+j0mad0/L7hX8lQUveHg

Score
10/10
exelastealercollectiondefense_evasiondiscoveryevasionstealer

Malware Config

Targets

    • Target

      VixenCleaner/VixenCleaner.exe

    • Size

      38.3MB

    • MD5

      023a47d1dd8515eb2d3bb50031d3c81c

    • SHA1

      2fb048f4788bc60c4a188bf9f02f617b722c2652

    • SHA256

      cfbeeebf33a3c4aae8b5481955396623a8911ae8398374af3adec7612ff5e542

    • SHA512

      8b9a8aef3e21dd935f6f01a0a7b79066e40ad0e3a79e9ea5439ea6572d44e007998ed5c027ec009726a85b2a7890adbe5b95663a7c7533d5a101f747602db13e

    • SSDEEP

      786432:bJKd4WSi4Qxe+54PNWJPhIrTfeMkusCFAYqeNKEGIW8OujWz+bvYewlgI3X22fqa:bJKjBxbyGPhI/bs1eN33W+Ue63X2wq

    Score
    10/10
    exelastealercollectiondefense_evasiondiscoveryevasionstealer

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Exelastealer family

      exelastealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

      evasion

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Network Service Discovery

1
T1046

Permission Groups Discovery

1
T1069

Local Groups

1
T1069.001

Process Discovery

1
T1057

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

System Network Connections Discovery

1
T1049

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks