General

  • Target

    Hellion.exe

  • Size

    38.2MB

  • Sample

    241223-swbz4stjhy

  • MD5

    59566623392030915cab95e28a90a436

  • SHA1

    a4ab68d3d5b64ca75f316dbbe2701e7b6e4a57fa

  • SHA256

    f3180b52edf675cd58c3c14ba13210d7d6c61a52990424ea729bdf6783696f27

  • SHA512

    5746eab07150f70c0560dceeedb8032791b60aa5d4297337979f2f2ceccbd1d6163aa18fb0f52148f382373ae044f9f27ef1837485ba6438d8b95f63f922822d

  • SSDEEP

    786432:E6O9GLfidzyMo8T9ZO8FyV1J1cuV7DW6USDdvBW/h4TSoRV11mm2sIZY7:Eh9G7AzyqZwJ186nTWp4TS2zssIZ+

Malware Config

Targets

    • Target

      Hellion.exe

    • Exela Stealer

      Exela Stealer is an open-source information stealer, originally written in .NET and later rewritten in Python, first observed in August 2023.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials and other sensitive account data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories
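
Several of the behaviours listed above (net.exe privilege changes, firewall modification, tasklist enumeration, hiding files, external IP lookup) are noisy on their own but distinctive in combination under one parent process. The following is an added detection example, not code from the sandbox report or from the sample itself: it runs simple command-line and DNS rules over constructed Sysmon-style events and only alerts when one actor trips several signatures. The command lines, the parent path under Temp and the list of IP-lookup domains are assumptions modelled on how these techniques typically appear; the report does not state which commands or which lookup service the sample used.

```python
"""
Added example (not part of the sandbox report or the malware): correlate
several report signatures across process-creation and DNS events and
alert only when one actor process accumulates enough distinct hits.
All events below are constructed; command lines and domains are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    image: str          # full path of the created process
    command_line: str   # full command line as logged
    parent_image: str   # process that spawned it (the "actor" we correlate on)


@dataclass(frozen=True)
class DnsEvent:
    image: str          # process that issued the query (the actor)
    query: str          # queried hostname


# (signature name from the report, image basename regex, command-line regex)
RULES = [
    ("Grants admin privileges",
     r"^net1?\.exe$", r"\blocalgroup\s+administrators\s+\S+\s+/add\b"),
    ("Modifies Windows Firewall",
     r"^netsh\.exe$", r"\b(advfirewall|firewall)\s+(set|add)\b"),
    ("Enumerates processes with tasklist",
     r"^tasklist\.exe$", r".*"),          # any tasklist invocation counts
    ("Hide Artifacts: Hidden Files and Directories",
     r"^attrib\.exe$", r"\+[hs]\b"),      # attrib +h / +s on a path
]

# Assumed set of public IP-lookup services; the report does not name the one used.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "ifconfig.me", "ip-api.com",
                     "ipinfo.io", "icanhazip.com"}


def match_event(event):
    """Return the list of report signatures a single event matches."""
    hits = []
    if isinstance(event, ProcEvent):
        basename = event.image.rsplit("\\", 1)[-1]
        for name, image_re, cmd_re in RULES:
            if (re.search(image_re, basename, re.I)
                    and re.search(cmd_re, event.command_line, re.I)):
                hits.append(name)
    elif isinstance(event, DnsEvent):
        if event.query.lower() in IP_LOOKUP_DOMAINS:
            hits.append("Looks up external IP address via web service")
    return hits


def actor(event):
    """The process held responsible: the parent for spawns, the requester for DNS."""
    return event.parent_image if isinstance(event, ProcEvent) else event.image


def scan(events, threshold=3):
    """Group distinct signature hits by actor; return only actors at/above threshold."""
    by_actor = {}
    for ev in events:
        for sig in match_event(ev):
            by_actor.setdefault(actor(ev), set()).add(sig)
    return {a: sorted(s) for a, s in by_actor.items() if len(s) >= threshold}


# Constructed events (assumption: the sample runs from the user's Temp directory).
DROPPER = r"C:\Users\user\AppData\Local\Temp\Hellion.exe"
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\net.exe",
              "net localgroup administrators user /add", DROPPER),
    ProcEvent(r"C:\Windows\System32\netsh.exe",
              "netsh advfirewall set allprofiles state off", DROPPER),
    ProcEvent(r"C:\Windows\System32\tasklist.exe", "tasklist /FO LIST", DROPPER),
    ProcEvent(r"C:\Windows\System32\attrib.exe",
              r'attrib +h +s "C:\Users\user\AppData\Local\Temp\tmp123"', DROPPER),
    DnsEvent(DROPPER, "api.ipify.org"),
    # Benign noise: an administrator listing processes from an interactive shell.
    ProcEvent(r"C:\Windows\System32\tasklist.exe", "tasklist",
              r"C:\Windows\System32\cmd.exe"),
]

if __name__ == "__main__":
    for proc, sigs in scan(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: {', '.join(sigs)}")
```

With the threshold at 3, the lone tasklist run from cmd.exe is not reported, while the dropper path is flagged with all five signatures; lowering the threshold to 1 turns the script into a plain per-event matcher for hunting.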

MITRE ATT&CK Enterprise v15

Tasks