General

  • Target

    SoIus-EXP.bat

  • Size

    257B

  • Sample

    240612-z5mxasvann

  • MD5

    a3e9bc1fe7dcaafa5f6ce206d0bc134e

  • SHA1

    88d0034dbd91f66ff7273d6c2590d60d25c9c0ee

  • SHA256

    a5331eb1ed9346e945245aa608fe35f0b1872d60436f1677ed2cb5afb9717dcc

  • SHA512

    9272ad9f9eec2a4781c1c251187ff8cc849ce57eb4a0d29963c0574a819dd2118dd0423890b92d71b1c899c161dcbdb2778590569230788fd51dc07daa2597b1

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: https://github.com/xy-leex/solusion/releases/download/vypix/solus.exe

Targets

    • Target

      SoIus-EXP.bat

    • Exela Stealer

      Exela Stealer is an open-source information stealer, first observed in August 2023, that was originally written in .NET and later ported to Python.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15