General

  • Target

    test.exe

  • Size

    11.0MB

  • Sample

    241225-d876raxjcr

  • MD5

    2e44d625a51667de554f8fc5fc232e83

  • SHA1

    1a6f7e77500bd46a12e621618ba19df0d3a9560d

  • SHA256

    647897b22f1a8819c060b4cb4bc1f5838a26969772f3fc154d93c11acb13e00a

  • SHA512

    3f692b51dd3ef3a26142d17e2ac5c206aa94642e8d462388e5c61b214250358be806c74a6a330dac9d7063ef78717fb69e9d1c4ae899f6f3bcefba76ff77b184

  • SSDEEP

    196608:gX16VVe3kdQyvNm1E8giq1g9PwfI9jsCbB7m+mKOY7rLZuuoQfbGTb9mhPTNGsff:a16Le0ay1m1Nq3Int7HmBYLaKbGTbo1N

Malware Config

Targets

    • Target

      test.exe

    • Exela Stealer

      Exela Stealer is an open-source stealer, originally written in .NET and later ported to Python, that was first observed in August 2023.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks