exelastealer | b78a86254b0752ed6cf71762e076d66209521ab81544bddac07129ae11a6ab3d

General

Target

mass_report_script.exe
Size

24.8MB
Sample

240528-n6e3ascc58
MD5

0a3dc00e485234149ddb7faac2e32889
SHA1

dc911b14a639e139dae9f58e9e89c9f1a79e11af
SHA256

b78a86254b0752ed6cf71762e076d66209521ab81544bddac07129ae11a6ab3d
SHA512

6d0130c1104a0e01fe82aaca0ddfa6c015cc9749944d1cf544b567707e7d762a99af05ba327e07c11730b2e1be7408a3ff307b681106580bc004051b9efa123e
SSDEEP

393216:7PjV5L1V8dvvX+9/pWFGRiBsnOrIWeRaDH:7PjLROvX+9/pWHGhRq

Score

10^/10

Malware Config

Targets

- Target
  
  mass_report_script.exe
- Size
  
  24.8MB
- MD5
  
  0a3dc00e485234149ddb7faac2e32889
- SHA1
  
  dc911b14a639e139dae9f58e9e89c9f1a79e11af
- SHA256
  
  b78a86254b0752ed6cf71762e076d66209521ab81544bddac07129ae11a6ab3d
- SHA512
  
  6d0130c1104a0e01fe82aaca0ddfa6c015cc9749944d1cf544b567707e7d762a99af05ba327e07c11730b2e1be7408a3ff307b681106580bc004051b9efa123e
- SSDEEP
  
  393216:7PjV5L1V8dvvX+9/pWFGRiBsnOrIWeRaDH:7PjLROvX+9/pWHGhRq
Score

10^/10

upx exelastealer evasion persistence pyinstaller spyware stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Stub.pyc
- Size
  
  876KB
- MD5
  
  9fbdec4dae910fe824e2a687cd880232
- SHA1
  
  8b462b769e74de90f8b4a4eeef434fbf9e552b71
- SHA256
  
  d1f14d6147531a91456f7a849b3c05f83ce2df8d5f49e464eb2ab29f243431d3
- SHA512
  
  008522d8fb9400d2aae32c6e3bb43eb3163ef3e2344b2b5cc1c8e5659cf5ba3d2d7c7b3012f7939efba5b9e103206062dc18a5f872398a3148c3e1f6d553a41c
- SSDEEP
  
  12288:L4qEsMM56G0XODlk09mDEpIUdJq+gh/1yKLGUt/zjjIpstn5eqSUcKExqo0Bpn:8qfwEDl79mDKwh/1yUtUpsbjzXn
Score

3^/10
behavioral3 behavioral4