General
-
Target
Exela.exe
-
Size
25.7MB
-
Sample
240624-k41pfaxhpn
-
MD5
e71047b3495df17384eb4319034f1233
-
SHA1
6c960ae1119f492502fbda9a0948525c310bfe3a
-
SHA256
b7838b068b89b0dbe13660eb2f9ca3168ee2685549accd8ab8312f0e9cce610e
-
SHA512
e715578d68942b2b224433881a1aa37a960929fdc67a1bbac642356c3f6c1b28e283708c39260dd5b30dbc7ce7fa79cff4324198180d047603465e6aea2f09dc
-
SSDEEP
393216:IS+D9et5y+9/pWFGRUnfXBsnYDrIW1TaDH:IS+D6y+9/pWRGH6q
Malware Config
Targets
-
-
Target
Exela.exe
-
Size
25.7MB
-
MD5
e71047b3495df17384eb4319034f1233
-
SHA1
6c960ae1119f492502fbda9a0948525c310bfe3a
-
SHA256
b7838b068b89b0dbe13660eb2f9ca3168ee2685549accd8ab8312f0e9cce610e
-
SHA512
e715578d68942b2b224433881a1aa37a960929fdc67a1bbac642356c3f6c1b28e283708c39260dd5b30dbc7ce7fa79cff4324198180d047603465e6aea2f09dc
-
SSDEEP
393216:IS+D9et5y+9/pWFGRUnfXBsnYDrIW1TaDH:IS+D6y+9/pWRGH6q
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1