exelastealer | 5d1507d56ace151c079f6c79b33dd3a5b2d3b311a0c49c7fb9ba1c682cc1e8e4 | Triage

Submit
Reports

Overview

overview

Static

static

3

Comet Imag...er.exe

windows7-x64

7

Comet Imag...er.exe

windows10-2004-x64

Sharing

General

Target

Comet Image Logger.exe
Size

10.8MB
Sample

240713-2ynlcssgkb
MD5

c1d0f050ce5caaa7747e4422b09e036c
SHA1

4450fcaaad77a23dbad5c004a790d92833e9bce8
SHA256

5d1507d56ace151c079f6c79b33dd3a5b2d3b311a0c49c7fb9ba1c682cc1e8e4
SHA512

52c2e30b01614ac536244129458fdb0601ccbe5ae3ce7bdf321ecd3772eea75d89bcbd92dbdef4150dae527855a9363b145d6bb6c28e3453810c9d4b415bd080
SSDEEP

196608:jFCDc+Z0PA4mtSHeNvX+wfm/pf+xfdkR0ZWKsnarIWOzW0DaqkH:RPc9vtSUvX+9/pWFGRiBsnarIWeRaDH

Score

10^/10

exelastealer defense_evasion evasion persistence privilege_escalation pyinstaller spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Comet Image Logger.exe

Resource

win7-20240705-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Comet Image Logger.exe

Resource

win10v2004-20240709-en

exelastealer defense_evasion evasion persistence privilege_escalation pyinstaller spyware stealer upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  Comet Image Logger.exe
- Size
  
  10.8MB
- MD5
  
  c1d0f050ce5caaa7747e4422b09e036c
- SHA1
  
  4450fcaaad77a23dbad5c004a790d92833e9bce8
- SHA256
  
  5d1507d56ace151c079f6c79b33dd3a5b2d3b311a0c49c7fb9ba1c682cc1e8e4
- SHA512
  
  52c2e30b01614ac536244129458fdb0601ccbe5ae3ce7bdf321ecd3772eea75d89bcbd92dbdef4150dae527855a9363b145d6bb6c28e3453810c9d4b415bd080
- SSDEEP
  
  196608:jFCDc+Z0PA4mtSHeNvX+wfm/pf+xfdkR0ZWKsnarIWOzW0DaqkH:RPc9vtSUvX+9/pWFGRiBsnarIWeRaDH
Score

10^/10

upx exelastealer defense_evasion evasion persistence privilege_escalation pyinstaller spyware stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

exelastealerdefense_evasionevasionpersistenceprivilege_escalationpyinstallerspywarestealerupx

© 2018-2025

Terms | Privacy