General
-
Target
Solara.exe
-
Size
13.0MB
-
Sample
240701-qyzg3svbpf
-
MD5
9624aa9bf59c4964fc202fd428ce519d
-
SHA1
e1e56568f59a0e8bad7b18934af367b783063dbc
-
SHA256
915e18ee4e889e1612331e6e233e110380a1360e8f372d01e4681745b50a63ac
-
SHA512
ea2d940b11a3c7131afd45fc83a12c7cbab6f7ef879ba673702b5913172d4e2c3349ce65e4c2df85d71da9476bc998f75bc5a9f46c48c26ee5468cd98c956a2f
-
SSDEEP
393216:EAct+L01+l+uq+Vvj1+TtIiF90VQxOC7P6gM:EQ01+l+uqgvj1QtINHC7Pc
Malware Config
Targets
-
-
Target
Solara.exe
-
Size
13.0MB
-
MD5
9624aa9bf59c4964fc202fd428ce519d
-
SHA1
e1e56568f59a0e8bad7b18934af367b783063dbc
-
SHA256
915e18ee4e889e1612331e6e233e110380a1360e8f372d01e4681745b50a63ac
-
SHA512
ea2d940b11a3c7131afd45fc83a12c7cbab6f7ef879ba673702b5913172d4e2c3349ce65e4c2df85d71da9476bc998f75bc5a9f46c48c26ee5468cd98c956a2f
-
SSDEEP
393216:EAct+L01+l+uq+Vvj1+TtIiF90VQxOC7P6gM:EQ01+l+uqgvj1QtINHC7Pc
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1