General
-
Target
049f48024f31d86c5d8bf56c3da1d7be539c877ad189fb0c5aa9a228601d19eb
-
Size
10.7MB
-
Sample
240524-n1f3eagd4v
-
MD5
cc7933b503e061ddde7158e108f19cc3
-
SHA1
41b74dc86cc1c4dde7010d3f596aacccf00b3133
-
SHA256
049f48024f31d86c5d8bf56c3da1d7be539c877ad189fb0c5aa9a228601d19eb
-
SHA512
87892a6f3e41ea43157cf13cc6402044ce41fd3d7eb7e456fced894c88d33786a80fa626c1b58436eba94997490256d2675598ba2e54b52affa64f5491c880a2
-
SSDEEP
196608:F46gBp3M/NHn3fY58FEjunH6Z0sU+FNuQ4zOZ+1ak3Yzb5:F46ksNH3J6qHwUaMrz5aP/
Static task
static1
Behavioral task
behavioral1
Sample
049f48024f31d86c5d8bf56c3da1d7be539c877ad189fb0c5aa9a228601d19eb.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
049f48024f31d86c5d8bf56c3da1d7be539c877ad189fb0c5aa9a228601d19eb.exe
Resource
win11-20240508-en
Malware Config
Targets
-
-
Target
049f48024f31d86c5d8bf56c3da1d7be539c877ad189fb0c5aa9a228601d19eb
-
Size
10.7MB
-
MD5
cc7933b503e061ddde7158e108f19cc3
-
SHA1
41b74dc86cc1c4dde7010d3f596aacccf00b3133
-
SHA256
049f48024f31d86c5d8bf56c3da1d7be539c877ad189fb0c5aa9a228601d19eb
-
SHA512
87892a6f3e41ea43157cf13cc6402044ce41fd3d7eb7e456fced894c88d33786a80fa626c1b58436eba94997490256d2675598ba2e54b52affa64f5491c880a2
-
SSDEEP
196608:F46gBp3M/NHn3fY58FEjunH6Z0sU+FNuQ4zOZ+1ak3Yzb5:F46ksNH3J6qHwUaMrz5aP/
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-