exelastealer | 499ed20a8f9a54f7631ed0a296bfc1c5e914c2fd3ed73fbb77c40dd2b861faf4

Sharing

Copy URL

Twitter E-mail

General

Target

Electron_V3.rar
Size

9.2MB
Sample

240624-bhs8sswbkm
MD5

99b597e902a287776b31409c6360d0e1
SHA1

27cb1da608b4b9b88a588c03c6f50681189ea33e
SHA256

499ed20a8f9a54f7631ed0a296bfc1c5e914c2fd3ed73fbb77c40dd2b861faf4
SHA512

006e60920a2b85680fc4ebb03dfa77eb016e84f293e938c7037dea7ea5145e2f31cebf16dc29713a32bfb9ddacf65f974f7fd26adf21f0f99f40f33561a9ff51
SSDEEP

196608:OZp4dT6flSf169O4tqtkj+AI7WVi+obw1Y5gLrhn2rRyoA7NbKYOxHRilA:OZelN69OvtkKAIP+obwtXh2rkoA7NbKN

Score

10^/10

Malware Config

Targets

- Target
  
  Electron V3/ElectronV3.exe
- Size
  
  19.3MB
- MD5
  
  b0885502ec66d85a82d73b72f9ed80f5
- SHA1
  
  982595a8a4de3cfc69f9215e72ca24c55f92e465
- SHA256
  
  c4439a3aebb0225e9e56775ed819aa466883d456bb4e5a821e1124b767140b6d
- SHA512
  
  735720c116f90e3aaaa2beaaf826013fe6c168bb603f4c5132d3fa2959392a7ef4a52c971bf51f6d1479fa128f2a3308605cd03594c2736adcff09d87aac79f0
- SSDEEP
  
  196608:G8QCuxCmDAJediqShxWTMRHvUWvo3hxjno/w3iFCxHQbRpXFJf5Pc:oBShATMRHdgxro/w3uCxHQb1Jh
Score

10^/10

exelastealer defense_evasion evasion persistence privilege_escalation pyinstaller spyware stealer upx
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2
- Target
  
  Stub.pyc
- Size
  
  799KB
- MD5
  
  770585a4e7175a5f3acb6a7ab6c72bbb
- SHA1
  
  9fcc7498c944190b167a5f73932c5b92f573444f
- SHA256
  
  d1fd92f6099cc0dbe71d4c1b70cc608d7b7ef929bc270b6febe1ea08264a2748
- SHA512
  
  8ce3be9406636678f2b63c4aae2dcc5b06a96b078b1eaec2a80f5ffd495067676e0cb3c430058d7867ccfd154187d54c3af59503bd62f138f55684f7d73791d9
- SSDEEP
  
  12288:+gEFvz619CSHpXW+xQE5whanVHtE2zcGcXLrK0bCWZwUA913fVPWjw8fCmO:+1vzMMSHpm+GhaVd+rUBn3fYamO
Score

3^/10
behavioral3 behavioral4
- Target
  
  Electron V3/bin/agree.txt
- Size
  
  4B
- MD5
  
  b326b5062b2f0e69046810717534cb09
- SHA1
  
  5ffe533b830f08a0326348a9160afafc8ada44db
- SHA256
  
  b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
- SHA512
  
  9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de
Score

3^/10
behavioral5 behavioral6
- Target
  
  Electron V3/scripts/Inf Yield.txt
- Size
  
  98B
- MD5
  
  727b09f7da97df9cf7eb1bbe0eb19fed
- SHA1
  
  24b31b8e25757f0b3c94c143435fcbd084eb3c52
- SHA256
  
  eabc284aad668b0911ea92fea5b0fcd2803fbfdf651b5fa0b4cf5e0b63544a12
- SHA512
  
  af379acccefb60b1ca465076469c57d09f846467b94f4ae500dcaf0c69e4418d2bf5cac3af89ad3e177291ce1d63d0649f34bc5ebeec714b66d98b365901360e
Score

3^/10
behavioral7 behavioral8
- Target
  
  Electron V3/workspace/IY_FE.iy
- Size
  
  539B
- MD5
  
  291d5636a434c4f1ceb0f3f776c2a51f
- SHA1
  
  ae287e08f71c522a72812f0dace94b8ffb569341
- SHA256
  
  73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452
- SHA512
  
  7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743
Score

3^/10
behavioral10 behavioral9