exelastealer | 555193b4bf22d78d744acb28089caf091ca95bdd57653dd3ac267c71708dd001

General

Target

Exela.exe
Size

21.0MB
Sample

240620-yqfc8svgjd
MD5

78352c63f0742abb60ef2c4d3d6d5056
SHA1

e546b7f2f3b8415af09130bb50bec5fb3d94a6fd
SHA256

555193b4bf22d78d744acb28089caf091ca95bdd57653dd3ac267c71708dd001
SHA512

e2e91829fc1ecc67d5e8512b9064a5423dc2f718db2644d2aa67c2d3a66fce22b4c6d0f6d50d4224fffc3c37761463df3779250856bffb04a32b1aa86f0a11e7
SSDEEP

196608:KGlZOOepe+x+aPXq7n0jc/bPeNlInY7/s/bRy8rlMxRW5ygjbM:NY+X7n0jcwlIus/b02r

Score

10^/10

Malware Config

Targets

- Target
  
  Exela.exe
- Size
  
  21.0MB
- MD5
  
  78352c63f0742abb60ef2c4d3d6d5056
- SHA1
  
  e546b7f2f3b8415af09130bb50bec5fb3d94a6fd
- SHA256
  
  555193b4bf22d78d744acb28089caf091ca95bdd57653dd3ac267c71708dd001
- SHA512
  
  e2e91829fc1ecc67d5e8512b9064a5423dc2f718db2644d2aa67c2d3a66fce22b4c6d0f6d50d4224fffc3c37761463df3779250856bffb04a32b1aa86f0a11e7
- SSDEEP
  
  196608:KGlZOOepe+x+aPXq7n0jc/bPeNlInY7/s/bRy8rlMxRW5ygjbM:NY+X7n0jcwlIus/b02r
Score

10^/10

exelastealer defense_evasion evasion persistence privilege_escalation pyinstaller spyware stealer upx
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1
- Target
  
  Stub.pyc
- Size
  
  799KB
- MD5
  
  e3c118b6e9c30608827f887dcbe3e9eb
- SHA1
  
  2eebc5955b3fac168a7c73d4fde1b085d1cfdeaf
- SHA256
  
  02922896db6f905c802c293975d81ec2c69a58f20b93fcc561716dc25c490f6a
- SHA512
  
  81e715617a8e11f1d816d956b9b09b35d7035494b173cde4c0c101e13394a9ed04a24b894f04fb7eaaaa19fef7bffd141d952242858c9bc40a4f97fbb534faa7
- SSDEEP
  
  24576:ct4C/JgJH4D1vILAEsN9PtiB2zFN8wMdVKpsg3bwxKn:POu43RtJcdVIn
Score

3^/10
behavioral2