Static Analysis — MozellaELF | Threat: MEDIUM

File Identity

SHA256: d77dd11f63c978adf10c2ea5fbd2a77e650ae00d19877032b693b154e86d00e4
Size: 6,346,808 bytes (ELF 64-bit LSB, Linux x86-64)
Name: mozella (Mozilla imitation, not Mozilla)

Mozella -- Mozilla-Imitating Linux ELF

NAME IMITATION: mozella -- a lookalike of the Mozilla Firefox name, but a Linux ELF binary.

-- ELF 64-bit LSB: Linux executable
-- Size 6.3 MB: consistent with a PyInstaller bundle or a statically linked Go binary
-- 27,688 strings: typical of PyInstaller packaging
-- http.cookies(), requests.cookies(): traces of Python libraries (http.cookies is in the standard library; requests.cookies ships with the requests package)
-- Inferred Mozilla cookie target: cookie parsing via the http.cookies module. Caveat: both module names appear in any PyInstaller bundle that imports requests, so their presence alone does not prove cookie theft; confirm by unpacking the bundle (pyi-archive_viewer) and decompiling the entry script.

Suspicious Russian Domains

unittest.ru
unittest.su

-- .su (Soviet Union TLD): a TLD favored by Russian cybercrime actors
-- .ru: Russia's country-code TLD
-- unittest: the name of Python's unit-test framework -- a lure imitating a test environment?
-- Real C2 or an internal PyInstaller test module: unclear
-- Check before acting on these: Python's unittest package contains the submodules unittest.runner and unittest.suite, both routinely bundled by PyInstaller. A domain pattern without a trailing boundary (for example [a-z]+\.(ru|su)) matches "unittest.ru" inside "unittest.runner" and "unittest.su" inside "unittest.suite". Search the raw string dump for the full module names; if they are present and no standalone "unittest.ru" or "unittest.su" string exists, treat both as extraction artifacts rather than C2 indicators.

Network and Cookie Capability

socket(
http.cookies(
requests.cookies(
base64(

-- socket: raw TCP/UDP connection capability
-- requests.cookies: web requests and cookie handling via the Python requests library
-- base64: data encoding/decoding
-- Inferred goal: read browser cookie files and send them to a C2 or exfiltration endpoint. socket and base64 are standard-library modules that requests itself imports, so this chain is plausible but not confirmed by strings alone.
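The string-level checks in the domain and capability sections above can be scripted. The following Python is an added example, not part of the original report and not derived from the sample; the ELF bytes it examines are constructed inline to stand in for the binary, and the module list, regex and sample strings are assumptions for demonstration. It parses the ELF identification header, dumps printable strings, tests for the PyInstaller archive cookie, records the Python module markers listed above, and extracts .ru/.su domain candidates while flagging any that are only a prefix of a longer token (the unittest.runner / unittest.suite false positive).

```python
"""Static triage of an ELF sample for the indicators discussed in this report.

Added example (not the report's own tooling). The SAMPLE bytes below are
constructed to stand in for the real binary so the script runs offline.
"""
import re
import struct

# PyInstaller CArchive cookie magic: b"MEI\014\013\012\013\016"
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"

# Module names the report cites as capability markers
PYTHON_MARKERS = ["socket", "http.cookies", "requests.cookies", "base64"]

# Deliberately naive: no trailing boundary, so it over-matches inside longer
# tokens such as unittest.runner -> "unittest.ru". Used to reproduce and then
# detect that false positive.
NAIVE_DOMAIN_RE = re.compile(r"[a-z0-9-]+\.(ru|su)")

PRINTABLE_RUN = rb"[\x20-\x7e]{%d,}"


def elf_ident(data):
    """Decode class, byte order and machine from the ELF header; raise if not ELF."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class = {1: "32-bit", 2: "64-bit"}.get(data[4], "unknown")
    ei_data = {1: "LSB", 2: "MSB"}.get(data[5], "unknown")
    endian = "<" if data[5] == 1 else ">"
    e_machine = struct.unpack(endian + "H", data[18:20])[0]  # e_machine sits at offset 18
    machine = {0x3E: "x86-64", 0x03: "x86", 0xB7: "AArch64", 0x28: "ARM"}.get(e_machine, hex(e_machine))
    return {"class": ei_class, "data": ei_data, "machine": machine}


def strings(data, min_len=4):
    """Printable ASCII runs of at least min_len bytes, like strings(1)."""
    return [m.group().decode("ascii") for m in re.finditer(PRINTABLE_RUN % min_len, data)]


def domain_candidates(strs):
    """Apply the naive domain regex to each whitespace-separated token and record
    whether the match is the whole token or just a prefix of a longer name."""
    found = []
    for s in strs:
        for tok in s.split():
            for m in NAIVE_DOMAIN_RE.finditer(tok):
                found.append({
                    "domain": m.group(),
                    "source_token": tok,
                    # True when the "domain" is cut out of a longer identifier,
                    # e.g. unittest.ru from unittest.runner
                    "embedded_in_longer_token": m.end() != len(tok),
                })
    return found


def triage(data):
    """Summarise the static indicators the report relies on."""
    strs = strings(data)
    return {
        "ident": elf_ident(data),
        "string_count": len(strs),
        "pyinstaller": PYINSTALLER_MAGIC in data,
        "python_markers": [mk for mk in PYTHON_MARKERS if any(mk in s for s in strs)],
        "domains": domain_candidates(strs),
    }


# Constructed stand-in sample: a valid 64-bit LSB x86-64 ELF identification
# header, zero-padded to the 64-byte header size, followed by NUL-separated
# strings of the kind a PyInstaller bundle carries.
SAMPLE = (
    b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9           # e_ident: ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    + struct.pack("<HH", 2, 0x3E) + b"\x00" * 44          # e_type=ET_EXEC, e_machine=EM_X86_64, rest zeroed
    + b"\x00".join([
        b"http.cookies", b"requests.cookies", b"socket", b"base64",
        b"unittest.runner", b"unittest.suite",             # source of the unittest.ru / unittest.su artifacts
        PYINSTALLER_MAGIC, b"pyi-runtime-tmpdir", b"junk",
    ]) + b"\x00"
)

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["ident"], "PyInstaller:", result["pyinstaller"], "strings:", result["string_count"])
    print("markers:", result["python_markers"])
    for d in result["domains"]:
        verdict = "likely extraction artifact" if d["embedded_in_longer_token"] else "standalone string"
        print(f"{d['domain']:<14} from {d['source_token']:<18} {verdict}")
```

On the constructed sample the two .ru/.su hits both come back flagged as embedded in unittest.runner and unittest.suite, which is the outcome to look for before listing them as C2. To run it against the real file, replace SAMPLE with the bytes read from the ELF; the PyInstaller cookie check is a substring search, so it works on the whole file without parsing the archive.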

IOC

SHA256: d77dd11f63c978adf10c2ea5fbd2a77e650ae00d19877032b693b154e86d00e4
Platform: Linux ELF 64-bit x86-64
Name: mozella (Mozilla imitation)
Suspicious domains: unittest.ru, unittest.su (unverified)

MozellaELF — Malware Profile

Linux ELF 64-bit PyInstaller-bundled credential stealer with Mozilla brand imitation filename (mozella). Python requests.cookies and http.cookies modules for browser cookie theft. Suspicious domains unittest.ru and unittest.su (Russian/Soviet TLDs). socket + base64 for exfiltration.

Malware Type: Infostealer
Programming Language: Python/PyInstaller
C2 Protocol: HTTP
Target Systems: Linux systems

Capabilities & Behavior

Browser credentials
Cookie theft
Cryptocurrency wallet theft
System information
Screenshots
FTP/SSH client passwords
Email client theft
Data exfiltration

Of these, only cookie handling (http.cookies, requests.cookies) and the network/encoding primitives (socket, base64) are evidenced by the strings in this static pass; the remaining entries are not corroborated by any indicator listed in this report.

IOC List (1 indicator)

IOC — MozellaELF
# SHA256 d77dd11f63c978adf10c2ea5fbd2a77e650ae00d19877032b693b154e86d00e4
Type: sha256
Value: d77dd11f63c978adf10c2ea5fbd2a77e650ae00d19877032b693b154e86d00e4
Note: none
Tags
mozellaelf, linux-elf-malware, mozella-mozilla-brand-imitation, pyinstaller-linux-elf-bundle, unittest-ru-suspicious-russian-domain, unittest-su-soviet-union-tld, http-cookies-requests-cookies-python-browser-cookie-theft, socket-base64-network-exfiltration