General
-
Target
cracked by dev.exe
-
Size
32.7MB
-
Sample
240720-c93f8awfng
-
MD5
cb5bc64a530b864a09ad7ed3b80c6add
-
SHA1
8cbaf4219505fb219fbb6b2b6f8daf010086c84e
-
SHA256
5fa131f952f0311246f5165313b43bca2ca4fcffc6beb331bbe642f410dbf316
-
SHA512
5e44e9816e3212dd6b3bc416daf6b4fa26cdedab87f9bd446205d44f958e3bf9f6971dfd1876eb3ca2bb9484c84890e3953677e4ab7e66e669265195a00991c1
-
SSDEEP
786432:eapbHFe/cnH7GqOgVlgn4hrdvstr8w37Mc9mgqOvbB8uzE1FdI:fJwE3Ogq4hrdkr8wrMcQpOvbB3zEv
Malware Config
Targets
-
-
Target
cracked by dev.exe
-
Size
32.7MB
-
MD5
cb5bc64a530b864a09ad7ed3b80c6add
-
SHA1
8cbaf4219505fb219fbb6b2b6f8daf010086c84e
-
SHA256
5fa131f952f0311246f5165313b43bca2ca4fcffc6beb331bbe642f410dbf316
-
SHA512
5e44e9816e3212dd6b3bc416daf6b4fa26cdedab87f9bd446205d44f958e3bf9f6971dfd1876eb3ca2bb9484c84890e3953677e4ab7e66e669265195a00991c1
-
SSDEEP
786432:eapbHFe/cnH7GqOgVlgn4hrdvstr8w37Mc9mgqOvbB8uzE1FdI:fJwE3Ogq4hrdkr8wrMcQpOvbB3zEv
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Stops running service(s)
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
2PowerShell
1System Services
1Service Execution
1Persistence
Account Manipulation
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Account Manipulation
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1