General

  • Target

    2025-07-01_2bdca50989ab654829149dc7bf88c556_elex_stop

  • Size

    12.6MB

  • Sample

    250701-jq1a3s1zhs

  • MD5

    2bdca50989ab654829149dc7bf88c556

  • SHA1

    1603329ea31dc137ceab8ea168e8b1287af6100f

  • SHA256

    39c6ef46d6c19abcf5dcb888268eafaab66fdbd409d04397fb71d77e7b910cdd

  • SHA512

    15061f1729aceef0b88df0ff78e5a71a2cce3e4db0c88eeedb2d0b46266e20ae70350df9696e7c099f26655c0f8b92ca5ed74fe598a6dfb7f81085ba5a56281f

  • SSDEEP

    3072:xxAHNZL/I+/9yajam+ozwcDh4+6LRgTJWErPFKYRAI59E888U52525252525252P:bkPLAmDjlvEnLRWlKDIU888n

Targets

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory
