exelastealer | d8b830967aa44abc30cd1421ba8b77c0aa7590907d134f7e892ae8c41c968d22 | Triage

Submit
Reports

Overview

overview

Static

static

3

ElectronV3.exe

windows7-x64

7

ElectronV3.exe

windows10-2004-x64

ElectronV3.exe

macos-10.15-amd64

4

Resubmissions

26/09/2024, 21:40 UTC

240926-1jbskssclg 10

Sharing

General

Target

ElectronV3.exe
Size

10.1MB
Sample

240926-1jbskssclg
MD5

ea27c364209eee7c095396b534362bdc
SHA1

cebe557b5896fc48ed94ad6cef81191cd5a6dd99
SHA256

d8b830967aa44abc30cd1421ba8b77c0aa7590907d134f7e892ae8c41c968d22
SHA512

69a7241adf1bba552c23190a9d5fc853cce03b8840e7f3ea601d2babc43eafb35b05cabd776021962af0d6a886d7cf3246eeaf6d5eeec8bb1c5a2b941a5fc091
SSDEEP

196608:kBmypefx+nr/TLx4hz7DIxyseNaHFJMIDJ+gsAGKkRHDq7c1W:T4nLTGz7kc6Fqy+gs12Y

Score

10^/10

exelastealer collection defense_evasion discovery evasion macos persistence privilege_escalation pyinstaller spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ElectronV3.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

ElectronV3.exe

Resource

win10v2004-20240802-en

exelastealer collection defense_evasion discovery evasion persistence privilege_escalation spyware stealer upx

windows10-2004-x64

30 signatures

150 seconds

Behavioral task

behavioral3

Sample

ElectronV3.exe

Resource

macos-20240711.1-en

macos-10.15-amd64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  ElectronV3.exe
- Size
  
  10.1MB
- MD5
  
  ea27c364209eee7c095396b534362bdc
- SHA1
  
  cebe557b5896fc48ed94ad6cef81191cd5a6dd99
- SHA256
  
  d8b830967aa44abc30cd1421ba8b77c0aa7590907d134f7e892ae8c41c968d22
- SHA512
  
  69a7241adf1bba552c23190a9d5fc853cce03b8840e7f3ea601d2babc43eafb35b05cabd776021962af0d6a886d7cf3246eeaf6d5eeec8bb1c5a2b941a5fc091
- SSDEEP
  
  196608:kBmypefx+nr/TLx4hz7DIxyseNaHFJMIDJ+gsAGKkRHDq7c1W:T4nLTGz7kc6Fqy+gs12Y
Score

10^/10

upx exelastealer collection defense_evasion discovery evasion persistence privilege_escalation spyware stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Resource Forking

Impair Defenses

Disable or Modify System Firewall

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Network Service Discovery

Permission Groups Discovery

Local Groups

Process Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

System Network Connections Discovery

Lateral Movement

Collection

Clipboard Data

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

exelastealercollectiondefense_evasiondiscoveryevasionpersistenceprivilege_escalationspywarestealerupx

behavioral3

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.