Resubmissions

09-12-2024 11:36

241209-nq1das1jhq 10

General

  • Target

    ElectronV3.zip

  • Size

    9.8MB

  • Sample

    241209-nq1das1jhq

  • MD5

    bb770bb4515d60daaaf26b168edc1cd9

  • SHA1

    2715fcc006c9289ad4fd901ea6f4f847a7d31067

  • SHA256

    5b7905a769e63cff95c5a11898ce070725463f7b1245e201c4c05ee7de75dae0

  • SHA512

    2b75cb8573f840c2412a0e6ab14c482fcd355074f966f4d90c61421c70fce9ae4963834be8e42d2e1489b8e45b81e72f13fd23328abc39ac41e7e661ed39409d

  • SSDEEP

    196608:wfEGWfgXw/1Did9R5QbhLLyNMUeamDtcC1fkgMisEAjWD0Kj:wf3oZS9whLeODeAkgMJdKj

Malware Config

Targets

    • Target

      ElectronV3/ElectronV3.exe

    • Size

      10.1MB

    • MD5

      30e0c375ce957f3398f208d487a08950

    • SHA1

      cc3137225c79532f95204d1eebad97b26e02f114

    • SHA256

      dcb6c47949bacabd601226411736bca0a6a043475b366c77d17f997205600923

    • SHA512

      d06ac050da037821d9226bca670652d23840795fbb32443eb83280577c1564e28ed03dc07acb70cf84d22597ee46eacf903138cc8092d76428e6b2d45bc371f0

    • SSDEEP

      196608:DMW+UvypefxfL/TLx4hz7DIxy2eNaHFJMIDJ+gsAGKkRmDTua9:ARqBrTGz7kk6Fqy+gs1K

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempt to gather information on host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks