exelastealer | 3f45b4acd905e47dbc1357ec44040af6e1fcb68fd09d8bacccad0d729be1d5da

General

Target

ElectronV3.rar
Size

11.0MB
Sample

240808-13naqa1clj
MD5

fae8140fc10e55657ec9998ed3f32a30
SHA1

d27f46d9e120453a13c7f29b3833ec8ab660d3db
SHA256

3f45b4acd905e47dbc1357ec44040af6e1fcb68fd09d8bacccad0d729be1d5da
SHA512

ef4fef5be5a9548446c385a948286e47b1582ce2c355324618b905d2572b6d3d44a5a79f1a73238439e6d2f941a0628b1e0d68b01c82c2a95ea81d6d7e70444f
SSDEEP

196608:EtWMBvqCsY56Pmf9niNjK1hP5dimc6O4kzIEYZa337rmcc3EV2c+LSneFrhf1Z:EggFs49i46xUh637AuVOS4rhf1Z

Score

10^/10

Malware Config

Targets

- Target
  
  ElectronV3.rar
- Size
  
  11.0MB
- MD5
  
  fae8140fc10e55657ec9998ed3f32a30
- SHA1
  
  d27f46d9e120453a13c7f29b3833ec8ab660d3db
- SHA256
  
  3f45b4acd905e47dbc1357ec44040af6e1fcb68fd09d8bacccad0d729be1d5da
- SHA512
  
  ef4fef5be5a9548446c385a948286e47b1582ce2c355324618b905d2572b6d3d44a5a79f1a73238439e6d2f941a0628b1e0d68b01c82c2a95ea81d6d7e70444f
- SSDEEP
  
  196608:EtWMBvqCsY56Pmf9niNjK1hP5dimc6O4kzIEYZa337rmcc3EV2c+LSneFrhf1Z:EggFs49i46xUh637AuVOS4rhf1Z
Score

3^/10

discovery
behavioral1
- Target
  
  ElectronV3/ElectronV3.exe
- Size
  
  11.1MB
- MD5
  
  4979832d16c1939778dca736be8e71ea
- SHA1
  
  baac87a287eb2196e007210c035b8aee30d4e7e8
- SHA256
  
  0a6f14a7712e40df040843f1dde023197159f45c234e8c2f235c8d8b986bede9
- SHA512
  
  57350dc480015767bc312cbcfd7f41d7616f81134f447c84b41923d100fedd1632fcaefa556a19dc6119cc2a972cbf11a7d06a10b4b234234e73c5e2179b9cbd
- SSDEEP
  
  196608:mpMt8FC/PANmJb3tQk5tOeNvX+wfm/pf+xfdkRAzLWK8rIWOzW0DaqkH:mMnANm7v5tRvX+9/pWFGR+LB8rIWeRaL
Score

10^/10

exelastealer collection credential_access defense_evasion discovery evasion persistence privilege_escalation spyware stealer upx
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral2
- Target
  
  Stub.pyc
- Size
  
  875KB
- MD5
  
  01e9f7b0c0143701032f7848d9aae1df
- SHA1
  
  da03e106fece7cf9c0987f41482cf74d12210552
- SHA256
  
  5978b1262d15e43a593711b6e1876f6d34446962ed0cf740b39b405862d11c70
- SHA512
  
  f9648f045faff44500abb6772f8818aaf49908bf90c7b45c741c352cef617841f6ccd14bf6e6b6584ba61431ed13625825443f5a40d9ddfbddfb72f48e726488
- SSDEEP
  
  12288:O3ghyi9BfhOeNMCEu3aKCez4o3qdnuPuQy2r4qtJ7SMNddH1qCKWzFYQmSbnkVXF:O3ghy+UeNaubCez4mvxbrDHvkqzkNF
Score

3^/10
behavioral3
- Target
  
  ElectronV3/bin/agree.txt
- Size
  
  4B
- MD5
  
  b326b5062b2f0e69046810717534cb09
- SHA1
  
  5ffe533b830f08a0326348a9160afafc8ada44db
- SHA256
  
  b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
- SHA512
  
  9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de
Score

3^/10
behavioral4
- Target
  
  ElectronV3/scripts/Inf Yield.txt
- Size
  
  98B
- MD5
  
  727b09f7da97df9cf7eb1bbe0eb19fed
- SHA1
  
  24b31b8e25757f0b3c94c143435fcbd084eb3c52
- SHA256
  
  eabc284aad668b0911ea92fea5b0fcd2803fbfdf651b5fa0b4cf5e0b63544a12
- SHA512
  
  af379acccefb60b1ca465076469c57d09f846467b94f4ae500dcaf0c69e4418d2bf5cac3af89ad3e177291ce1d63d0649f34bc5ebeec714b66d98b365901360e
Score

3^/10
behavioral5
- Target
  
  ElectronV3/workspace/IY_FE.iy
- Size
  
  539B
- MD5
  
  291d5636a434c4f1ceb0f3f776c2a51f
- SHA1
  
  ae287e08f71c522a72812f0dace94b8ffb569341
- SHA256
  
  73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452
- SHA512
  
  7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743
Score

3^/10
behavioral6