exelastealer | 97ec311e0ffde2f3c26e4ff95ad37ad937db97fdf0a38e2c008d2f772a41e9f2

Sharing

Copy URL

Twitter E-mail

General

Target

Snake-main.rar
Size

10.7MB
Sample

240709-razcvaxcpk
MD5

5df03c247e622bd42d86becfb3058419
SHA1

434dd72524d4d105eb6bc7301d18f690bff11792
SHA256

97ec311e0ffde2f3c26e4ff95ad37ad937db97fdf0a38e2c008d2f772a41e9f2
SHA512

21a91e253ddbf63fab1cb6df082a740736e871dfc0d34bcfd322b19f43ca978b32b7b9b3a3768b087ed8f7ba6827c06a4bcbbf0425c4d6a4308567f742d6f2f5
SSDEEP

196608:94ezdeVDnGAGTr4Z38xMpe88EuN3mFueeOuGc7Xio5XrCt34QFNZgN:9rzdGqJro38Ae8buJm61tSkWt34Qq

Score

10^/10

Malware Config

Targets

- Target
  
  Snake-main.rar
- Size
  
  10.7MB
- MD5
  
  5df03c247e622bd42d86becfb3058419
- SHA1
  
  434dd72524d4d105eb6bc7301d18f690bff11792
- SHA256
  
  97ec311e0ffde2f3c26e4ff95ad37ad937db97fdf0a38e2c008d2f772a41e9f2
- SHA512
  
  21a91e253ddbf63fab1cb6df082a740736e871dfc0d34bcfd322b19f43ca978b32b7b9b3a3768b087ed8f7ba6827c06a4bcbbf0425c4d6a4308567f742d6f2f5
- SSDEEP
  
  196608:94ezdeVDnGAGTr4Z38xMpe88EuN3mFueeOuGc7Xio5XrCt34QFNZgN:9rzdGqJro38Ae8buJm61tSkWt34Qq
Score

3^/10
behavioral1 behavioral2
- Target
  
  Snake-Main/Bot Token.txt
- Size
  
  42B
- MD5
  
  3f349debeaf76810c360f057d5a72ac0
- SHA1
  
  a0193e0434fc3fc6ca127a7ae6653002fc430b2e
- SHA256
  
  2684ae07c0f5c230b37b749dd37abed350a98a93ace314be2200f4cb43b8c34d
- SHA512
  
  d73799479f63ad632ed1a15a38ea74834f18288aeb672b46d9249dfdc68adb9e429fcc6c8e4eb9d3856541a59a6819744fcc3e974dacd5c8bc8d304074ee1a20
Score

1^/10
behavioral3 behavioral4
- Target
  
  Snake-Main/Start.bat
- Size
  
  119B
- MD5
  
  7e66c1a0fd79f77535e29f61b336fb1c
- SHA1
  
  ef241e3e4133ac6d4874fb3200c6497a7f54cfa0
- SHA256
  
  a6d970a2792c4be79c1cf428540b6e845b04cf78fa3742d8c2f18b52b753ec8c
- SHA512
  
  f84c78589c8715127e1b50280a31efa9891a35cc26076e4037f3a30acfa3970005b224accc67182ff1ac4287463ea1b1738551b64c1d4037b1411075f7e6019b
Score

10^/10

upx exelastealer defense_evasion evasion persistence privilege_escalation pyinstaller stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Deletes itself
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral5 behavioral6
- Target
  
  Snake-Main/requirements.txt
- Size
  
  75B
- MD5
  
  9919fded21c33c329b65ddf6583c808b
- SHA1
  
  4cca3f876ae342d57288d6e935b8fccd8dd4c28d
- SHA256
  
  4174d26338408461fae7af6a002ab36fbd4fb6c6ff5780cee048256ee843adae
- SHA512
  
  9de5eaf2ea33ea621cb89d8aee8be20fac87b3e9c38a2199d0cc1075d7737372033809ecd08e7d9a14adf7ef037f5b74a657fbeb17701d42fce8ff24b264127d
Score

1^/10
behavioral7 behavioral8
- Target
  
  Snake-Main/vep-version/File/Stub/Snake/Snake.exe
- Size
  
  23.9MB
- MD5
  
  106c5b57b34fbe26d889d1184261fc56
- SHA1
  
  f1474981d7a0cdc880d61cef99f54e4b8e73a0ac
- SHA256
  
  8818d41ba951ea693ad4a2d354e68da12995e7395e6056c3b8d620a2d311085a
- SHA512
  
  dc67faf1981711114b379f60e5e61497e834c5199557ea1fa5f84ca0a46cc02b8c14a0a84314aa789baa9e82f0718d148bc0f7de0324bf940c2ff3638b8e7d2f
- SSDEEP
  
  196608:yYKfhiPA4mtSHeNvX+wfm/pf+xfdkRDZWKsnarIWOzW0Daq1H:7GvvtSUvX+9/pWFGRlBsnarIWeRa4H
Score

10^/10

exelastealer defense_evasion evasion persistence privilege_escalation pyinstaller spyware stealer upx
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral10 behavioral9
- Target
  
  Stub.pyc
- Size
  
  875KB
- MD5
  
  d398a61be5accd43bdda880519488d56
- SHA1
  
  c558a8af011a80357e2724c3ebc3a8a5382955b9
- SHA256
  
  23a73e43ee16fb52536b62eb77d461f513fd9f8b7c78b60da85e81ecad2fd9d3
- SHA512
  
  5985f2c499429d13a96fea5da8fcbd1b82dd838e997d674fa75d5b9f0f611155082c51885053367a7ce4f40ce34256e2860c8b4976bd1a03bb8fe92fb1ad5a06
- SSDEEP
  
  24576:5XbayuT+bmwMM4o2r/GetZ2s8A5pEsIDMy9cOk3Xa:Puqbm3l4AgRYa
Score

3^/10
behavioral11 behavioral12
- Target
  
  Snake-Main/vep-version/File/Stub/other/coded/Snake.py.py
- Size
  
  7KB
- MD5
  
  77b6e524a8e2f139689e3cc0560ee1c2
- SHA1
  
  bc1034f88e9452e202fa02719d540f6592840049
- SHA256
  
  0a7a0e525fec16389e94f8e70e3c07b3a0e7628e6e2928112e255c203e0d15ee
- SHA512
  
  9901543520638d3afb6b20d1a8f5a19dddba8b2b59916d29420189a37baa30e65eaa973b383669447487cd6d0f5882c7fc217359a5b00db260e9381c48bd8163
- SSDEEP
  
  24:I777777777777777777xM777777777777777777xM777777777777xM77777777h:H
Score

3^/10
behavioral13 behavioral14