General

  • Target

    Stub.rar

  • Size

    13.7MB

  • Sample

    241211-evt8ea1kar

  • MD5

    58ae6587fd5a3dbac3f8511197e14c0b

  • SHA1

    1277909771e2cb83adcfbf64164ef90f795844bb

  • SHA256

    c4846d87be3066f1a83f08952bb31443c936e1b92483e0073a86a4e1532140ed

  • SHA512

    426db72277c69d9fbf0ea5ef089c2e7c72b2047590928d0a628ba2ebda22d9be968dc6a281da98866e3ffa635612893cc32e99b65d0aa2e78358ec6792b3be2b

  • SSDEEP

    393216:t+r9nMSgZoe2LRswDXhINs0XZdQcF0Y09UhsnwgWMfh:t+FqyVsMXh6ZXZdQo0YoUhawgWMfh

Malware Config

Targets

    • Target

      Stub/StubRUNSMALWARE.bat

    • Size

      6KB

    • MD5

      72bd8faf339e4e373f3cd3c87ab862d6

    • SHA1

      bde1905839c1a752057f211fd739c39ace23a617

    • SHA256

      7b7f24ca18e76f242f2e3fc32ac6d78f7bfd0ffd05c24d22a8959e0468cc3f8f

    • SHA512

      ed41a0117b14cd6b29931fb265094f300810f7d5d8c13658e4673efce37cfa053a71f935012c09e4bb825929aca8eb3c6b7a3a5bc0a87b6bfea3d24d3bfab968

    • SSDEEP

      192:B9rfL8398nUo9rfL8398X89rfL8398XFH9fH9e14Hh:gT

    • Exela Stealer

Exela Stealer is an open-source information stealer, first observed in August 2023, that was originally written in .NET and later ported to Python.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Target

      Stub/StubUI.exe

    • Size

      10.9MB

    • MD5

      9b7e728587d7d0dbcf25cd48ec930c8b

    • SHA1

      f13229010375df1648ac9a15b5bbd1c474b5331e

    • SHA256

      0e8063bd94bbe3a80ce2259b80cf11988842aed383bfa2045efbde44df779aa4

    • SHA512

      19c47f2ea1f113eff6ed9de45abc22d9b55d45948c3b68835331325a2766eca6903ace856aded93a1f5352f194f48df2d84fa458b8c81dfd886bd02938207406

    • SSDEEP

      196608:RLc4kKASm9cemXyuSyTde8zveNK+wfm/pf+xfdkRixKEr2WOHWKD39eH:C4SSm/tByxjgK+9/pWFGRi0Er2W673MH

    • Exela Stealer

Exela Stealer is an open-source information stealer, first observed in August 2023, that was originally written in .NET and later ported to Python.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers commonly read the browser's on-disk profile data, which can include saved credentials, cookies and other session material.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Target

      Stub/resources/SpoofAPI.dll

    • Size

      1.3MB

    • MD5

      95b428a94e88b2deea40423369c14adf

    • SHA1

      17dd76cc438e245cff7d192f45a0173ddd34ae1a

    • SHA256

      1cf19ba31cb4d465c458d81980d4a07dd1b3597550fe9bbbf005eeccb7ad9c6e

    • SHA512

      47d9ba062b326c4778f4f44e8eb5f14ccd14b6511a955b169dc49b26d1db6ab8c2924cc3057ed580b348d213801693b17ea20e927bd5d77f0ed3ab14f2aac5e5

    • SSDEEP

      24576:sIsoAeOjaoNwg7Uv4yZFhimuBaMvQBvY+Kj:SoFOjaQ1owyZPimuBgYNj

    Score
    1/10
    • Target

      Stub/resources/SpoofEnable.dll

    • Size

      47KB

    • MD5

      85628fd8d23269cbe625dc3a9143dbac

    • SHA1

      3489bca2d367dfdb7a54a45df4f0922f427e6d92

    • SHA256

      474a414482c33b404b9e48ed8973c748e046010fc6ac9b2fa3df9657074b81ea

    • SHA512

      fe222c620c7f2f4567fe315a8b49a1aa786daebf20e3d4677342913212cd5fa59abf86a630e55bd4bf293b9370688d0b95de1c7723728c0d83d1be4e991e30ec

    • SSDEEP

      768:xSVhfEPELPgbjlsSZlU9gBAeV1PFr71ocvm5QEEc3hxQc2Ia7+dkNaVij+PvGVlB:xSVhMdnls5qBAePFr7immbXu7+dJij+Q

    Score
    1/10
    • Target

      Stub/resources/SpoofInjector.dll

    • Size

      1.3MB

    • MD5

      fbd32ef93d8199755b4bff8a2bd9c01b

    • SHA1

      80389cacd54110f585012463851db6e9f311915e

    • SHA256

      1c2f025e3cd1d9ad69823f702b52449f1eeed553911632a456a1f1089ae75206

    • SHA512

      8ee4d4320ee3aef16d0418453fe194390c426e03640a3862c0ff489c01cd497dc6064bdbe90b3a9337b78c985dbeb238008a440baddc065ae3d145da2570b9e6

    • SSDEEP

      24576:KIsoAeOjaoNwg7Uv4yZFhimuBaMvQBvY+K/:goFOjaQ1owyZPimuBgYN/

    Score
    1/10
    • Target

      Stub/resources/SpoofProxy.dll

    • Size

      1.3MB

    • MD5

      45c2f37b8f06e6fed42b69b4abba88b5

    • SHA1

      0b90660601e02898066c2c490533164af8e39f46

    • SHA256

      0ff2c3004e8dd82ff5f16cadc6e582a36cb290c7cf307f49c3021bde340193c6

    • SHA512

      0613b6b34912b2fb123a73a8f3054e24fffe3a3538735c2326ee7b622f2374c20365b454f403a37e70592d4a33fc0782fabf70e0ee9cecd933129c59ff023278

    • SSDEEP

      24576:sIsoAeOjaoNwg7Uv4yZFhimuBaMvQBvY+Kb:SoFOjaQ1owyZPimuBgYNb

    Score
    1/10
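The process-creation indicators above (net.exe privilege change, firewall modification, tasklist enumeration, hidden-file attributes, the .bat dropper) can be turned into command-line detections. The following is an added example, not tooling from the sandbox vendor or from the Exela project: the events are constructed to resemble Sysmon Event ID 1 records reduced to Image/CommandLine, and the regexes are assumptions about how each behaviour typically appears in telemetry, since the report does not show the sample's exact command lines. The external IP lookup is network telemetry and is deliberately left out.

```python
"""Command-line detections for the process behaviours flagged in the report.

Constructed example: SAMPLE_EVENTS are made up, not taken from the sandbox
run. Rule patterns are assumptions about typical command lines.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str            # behaviour label, mirroring the report's indicator names
    image: re.Pattern    # matched against the process image basename
    cmdline: re.Pattern  # matched against the full command line


def _rule(name: str, image: str, cmdline: str) -> Rule:
    return Rule(name, re.compile(image, re.I), re.compile(cmdline, re.I))


RULES = [
    # net.exe forwards its arguments to net1.exe, so cover both images.
    # Group name is the English default; localised systems differ.
    _rule("Grants admin privileges", r"^net1?\.exe$",
          r"\blocalgroup\s+administrators\b.*\s/add\b"),
    _rule("Modifies Windows Firewall", r"^netsh\.exe$",
          r"\badvfirewall\b|\bfirewall\s+(add|set|delete)\b"),
    # tasklist alone is noisy; the report still flags it, so it is kept as-is.
    _rule("Enumerates processes with tasklist", r"^tasklist\.exe$", r"^"),
    _rule("Hide Artifacts: Hidden Files and Directories", r"^attrib\.exe$",
          r"(^|\s)\+[hs]\b"),
    # Assumed from the dropper name StubRUNSMALWARE.bat: cmd.exe launching a
    # batch file that lives under a user profile.
    _rule("Batch launcher from user profile", r"^cmd\.exe$",
          r"\\users\\[^\\]+\\.*\.bat\b"),
]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def match_event(event: dict) -> list[str]:
    """Names of every rule the event satisfies (image AND command line)."""
    image = _basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    return [r.name for r in RULES
            if r.image.search(image) and r.cmdline.search(cmdline)]


def detect(events) -> list[tuple[int, str]]:
    """Run all rules over an event stream; returns (event index, rule name) hits."""
    return [(i, name) for i, ev in enumerate(events) for name in match_event(ev)]


def triggered(events) -> set[str]:
    """Distinct behaviours seen anywhere in the stream."""
    return {name for _, name in detect(events)}


# Constructed events: a plausible chain for the dropper, plus two benign ones.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\user\Desktop\Stub\StubRUNSMALWARE.bat"'},
    {"Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net localgroup administrators user /add"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="svc" dir=in '
                    r'action=allow program="C:\Users\user\AppData\Local\Temp\svc.exe"'},
    {"Image": r"C:\Windows\System32\tasklist.exe",
     "CommandLine": "tasklist /fo csv /nh"},
    {"Image": r"C:\Windows\System32\attrib.exe",
     "CommandLine": r'attrib +h +s "C:\Users\user\AppData\Local\Temp\cache"'},
    {"Image": r"C:\Windows\System32\netsh.exe",        # benign: no firewall verb
     "CommandLine": "netsh wlan show profiles"},
    {"Image": r"C:\Windows\System32\svchost.exe",      # benign: unrelated image
     "CommandLine": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for i, name in detect(SAMPLE_EVENTS):
        print(f"event {i}: {name} :: {SAMPLE_EVENTS[i]['CommandLine']}")
```

The rules match on image basename plus command line rather than on command line alone, so a renamed copy of net.exe is missed on purpose; if that matters, match on the original file name from the PE version resource instead of the image path.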

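The "UPX packed file" indicator on StubRUNSMALWARE.bat and StubUI.exe is usually a static check on the PE section table. Below is an added example of such a check, not the sandbox's own detector: it parses the section headers of a PE image and combines three signals (UPX0/UPX1 section names, a first section with no raw data, and the "UPX!" packheader magic) because a modified UPX build can rename its sections. The two PE images are built inline and are not real executables, only enough header for the parser to work on.

```python
"""Static UPX-packing check over a PE section table.

Added example. build_pe() fabricates header-only PE images for the test
cases; the "UPX!" bytes are placed by hand to stand in for the packheader
magic UPX writes into real packed files.
"""
import struct

COFF_HDR = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Assemble a minimal PE: MZ stub, PE signature, COFF header, zeroed PE32
    optional header, section table, optional trailing bytes.
    `sections` is a list of (name, virtual_size, raw_size, characteristics)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> offset 0x40
    opt_size = 0xE0                                        # PE32 optional header size
    coff = struct.pack(COFF_HDR, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    table, raw_ptr = b"", 0x400
    for name, vsize, rsize, chars in sections:
        table += struct.pack(SECTION_HDR, name.encode("ascii"), vsize, 0x1000,
                             rsize, raw_ptr if rsize else 0, 0, 0, 0, 0, chars)
        raw_ptr += rsize
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + trailer


def parse_sections(data: bytes) -> list[dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff_off = e_lfanew + 4
    _machine, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, data, coff_off)
    sec_off = coff_off + 20 + opt_size
    if len(data) < sec_off + 40 * nsec:
        raise ValueError("truncated section table")
    out = []
    for i in range(nsec):
        raw = struct.unpack_from(SECTION_HDR, data, sec_off + 40 * i)
        out.append({
            "name": raw[0].rstrip(b"\0").decode("latin-1"),
            "virtual_size": raw[1],
            "raw_size": raw[3],
            "characteristics": raw[9],
        })
    return out


def upx_indicators(data: bytes) -> list[str]:
    """Return every UPX-style packing signal present; empty list means none."""
    secs = parse_sections(data)
    hits = []
    if any(s["name"].upper().startswith("UPX") for s in secs):
        hits.append("UPX* section names")
    # UPX0 is the unpack destination: large VirtualSize, zero SizeOfRawData.
    if secs and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0:
        hits.append("first section has no raw data")
    if any((s["characteristics"] & MEM_EXECUTE) and (s["characteristics"] & MEM_WRITE)
           for s in secs):
        hits.append("writable+executable section")
    if b"UPX!" in data:
        hits.append("UPX! packheader magic")
    return hits


# Constructed test images (not real binaries).
UPX_LIKE = build_pe([("UPX0", 0x9000, 0, 0xE0000080),
                     ("UPX1", 0x4000, 0x3E00, 0xE0000040),
                     (".rsrc", 0x1000, 0x200, 0xC0000040)],
                    trailer=b"UPX!" + bytes(28))
CLEAN = build_pe([(".text", 0x5000, 0x5000, 0x60000020),
                  (".rdata", 0x2000, 0x2000, 0x40000040),
                  (".data", 0x1000, 0x400, 0xC0000040)])

if __name__ == "__main__":
    for label, img in (("upx-like", UPX_LIKE), ("clean", CLEAN)):
        print(label, [s["name"] for s in parse_sections(img)], upx_indicators(img))
```

Only the section-name signal is specific to stock UPX; the other three fire on many packers, so treat a hit on them alone as "packed, tool unknown" rather than as UPX.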
MITRE ATT&CK Enterprise v15
