exelastealer | 65669360443466d9e8a8e4beefa5325b2eb7350904e52a005d3054e56686268f

General

Target

setup.exe
Size

12.0MB
Sample

240812-fp8paa1ckh
MD5

57988ddc12cce2d1186469c17350739d
SHA1

ae903434ed5969dd570cbdafac5bf84e3f21f304
SHA256

65669360443466d9e8a8e4beefa5325b2eb7350904e52a005d3054e56686268f
SHA512

a1d15008510a0adba09ba4bd82073bd7071f7b56d7b47c48d93967739ac2a69d49b2b57a1a1272e04eb1b38e5860a30d056ce8e899ec2c0e5c77dae1f286f024
SSDEEP

196608:X++9eCdqyU3b01Kpn3V+uq+VvpoA1HeT39IigQCeE9TFa0Z8DOjCdylVSE06Qf/v:X9eC4dL01+l+uq+Vvz1+TtIiLPY9Z8D7

Score

10^/10

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  12.0MB
- MD5
  
  57988ddc12cce2d1186469c17350739d
- SHA1
  
  ae903434ed5969dd570cbdafac5bf84e3f21f304
- SHA256
  
  65669360443466d9e8a8e4beefa5325b2eb7350904e52a005d3054e56686268f
- SHA512
  
  a1d15008510a0adba09ba4bd82073bd7071f7b56d7b47c48d93967739ac2a69d49b2b57a1a1272e04eb1b38e5860a30d056ce8e899ec2c0e5c77dae1f286f024
- SSDEEP
  
  196608:X++9eCdqyU3b01Kpn3V+uq+VvpoA1HeT39IigQCeE9TFa0Z8DOjCdylVSE06Qf/v:X9eC4dL01+l+uq+Vvz1+TtIiLPY9Z8D7
Score

10^/10

exelastealer collection credential_access defense_evasion discovery evasion persistence privilege_escalation pyinstaller spyware stealer upx
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2
- Target
  
  Setup.pyc
- Size
  
  713B
- MD5
  
  b4cba0f1d1e2f17a53a2cf1b4ce4988a
- SHA1
  
  92a5706f25b8fefe1af34ec499e8eafc073eca23
- SHA256
  
  cc9e5a14e630b0c2312a44264fd177070097d8c52fb7ee13d5d4a896725c43b2
- SHA512
  
  04fb568544c51f07ec1b5a55c125476cc9cf48b4d3f7dea493d1e5c39fae34d1ff52d02fb9520e003969bddc93178c0795a0d6eecde6fabfa7f74019215e40ec
Score

3^/10

discovery
behavioral3 behavioral4