exelastealer | c18455e3abbd0f73c4bc2a8375cbc555c754b64a0c1490be800d56234850ad72

General

Target

Boostrapper.exe
Size

42.5MB
Sample

240905-y7mhwaydrp
MD5

86cfc8d06cbfbffa225df3d6f23adaaf
SHA1

b60657dc88fadba6332a5185440c6f1b5ee18c4b
SHA256

c18455e3abbd0f73c4bc2a8375cbc555c754b64a0c1490be800d56234850ad72
SHA512

51016341645f2663a8a69b15d2b3f14f118ae8d88d096635e7b045340cdaf8ca48f7081445134079b9cc042d6427ebe0fbebc10fb609c5209ba9bc2f2d282468
SSDEEP

786432:9Z9AOQw0A8yHKyKne72lvosS/CY3MoEJbTiumfSfz+EvbD+0/pW/Zd4jb7:RAOQwzHueQQXKYOxTivfSffvb6SaZGjn

Score

10^/10

Malware Config

Targets

- Target
  
  Boostrapper.exe
- Size
  
  42.5MB
- MD5
  
  86cfc8d06cbfbffa225df3d6f23adaaf
- SHA1
  
  b60657dc88fadba6332a5185440c6f1b5ee18c4b
- SHA256
  
  c18455e3abbd0f73c4bc2a8375cbc555c754b64a0c1490be800d56234850ad72
- SHA512
  
  51016341645f2663a8a69b15d2b3f14f118ae8d88d096635e7b045340cdaf8ca48f7081445134079b9cc042d6427ebe0fbebc10fb609c5209ba9bc2f2d282468
- SSDEEP
  
  786432:9Z9AOQw0A8yHKyKne72lvosS/CY3MoEJbTiumfSfz+EvbD+0/pW/Zd4jb7:RAOQwzHueQQXKYOxTivfSffvb6SaZGjn
Score

10^/10

upx exelastealer collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2