General
-
Target
wavebeta.zip
-
Size
10.7MB
-
Sample
240628-ktts5stelj
-
MD5
cf2e7e5e8abf6c02949f6114614accef
-
SHA1
3a099165edc7e400f87189f2dd46b215d5661e3a
-
SHA256
e6d6f6661f4ea6eec448e3808d4d6a924485dbc46e236e2531e8b173810ee2c3
-
SHA512
d9dd372365d1aafcf7a80a40beac3f9ac531e1e9f401ea9466812aa78d329b2a430838a25736c31eda18b48ed6d171c0bbd072f3e1b3cf238a2bb82cdb45b93c
-
SSDEEP
196608:K1v8LnZXI0TSHS3eGpZk3mHBjSP/PMT2V5aosn15oOEmiTKCjzD:6wGjHSTpZNHBGnkTojsn15oztK8zD
Malware Config
Targets
-
-
Target
WaveSploit.exe
-
Size
10.8MB
-
MD5
af974f07886135f2bc37b376efc74e6e
-
SHA1
f02a0bf3d97f1e6c0f1c561bac37082c5552226f
-
SHA256
996126527ea3d851f5ad1a028de2531af8bb2a5d269534d9e7811095ba4b4c6f
-
SHA512
b3d6fbbc3a96c0f3c7026cc98df32b9f711d8f2cc03b852e3f2c052d5ddb3558a0ea034a457ef5948821bcc1a1965399f25a00213a40284a1ab4680b8a72f6b8
-
SSDEEP
196608:WsTlcbwPA4mtSHeNvX+wfm/pf+xfdkR0ZWKsnarIWOzW0DaqkH:N0xvtSUvX+9/pWFGRiBsnarIWeRaDH
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1