exelastealer | f918a13dc2c83df5da9e9243a4f39420a40314c39982af4b4d402001e0968e39

Sharing

General

Target

Exela-V2.0-main (1).zip
Size

578KB
Sample

241012-fsm7razblr
MD5

1284123a329839e8c0f2db4687ab0de4
SHA1

f02e5610c7038857d1be6dfb2ca85daeb7a90f79
SHA256

f918a13dc2c83df5da9e9243a4f39420a40314c39982af4b4d402001e0968e39
SHA512

7313649e5f0c4eee7c2001ff531faf77c16408d44dee655e9185f9110e75f220afd5757f764faf05f9f385c42283050dc41668866c6e14100d9a656a15bc63fc
SSDEEP

12288:wBfguFY+SdywXfBslqY7b9ukR6lurtTLS+28Ym52hpKD6OFjIZfgWflLawb:afguFY+SXXSlqmxp6wtTLl27m5wp0fpc

Score

10^/10

Malware Config

Targets

- Target
  
  Exela-V2.0-main (1).zip
- Size
  
  578KB
- MD5
  
  1284123a329839e8c0f2db4687ab0de4
- SHA1
  
  f02e5610c7038857d1be6dfb2ca85daeb7a90f79
- SHA256
  
  f918a13dc2c83df5da9e9243a4f39420a40314c39982af4b4d402001e0968e39
- SHA512
  
  7313649e5f0c4eee7c2001ff531faf77c16408d44dee655e9185f9110e75f220afd5757f764faf05f9f385c42283050dc41668866c6e14100d9a656a15bc63fc
- SSDEEP
  
  12288:wBfguFY+SdywXfBslqY7b9ukR6lurtTLS+28Ym52hpKD6OFjIZfgWflLawb:afguFY+SXXSlqmxp6wtTLl27m5wp0fpc
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Exela-V2.0-main/AssemblyFile/version.txt
- Size
  
  1KB
- MD5
  
  b13f73267d6a3e865a941bf7bb817d19
- SHA1
  
  d316522907e81cc1a276e9ac8f31ffd3fbfda75e
- SHA256
  
  5c7da4bf53b1ebda26683c75e5c03d1d062683d4f1af10db939ba334787136cf
- SHA512
  
  cd1fa569e55c490d0546a50b6dfecbc3ca265fba8566c33d25bd3e6d173366781d0dc1d11bcf5606322ba64926fed815c3d54184357c4afef72647cda89aa274
Score

1^/10
behavioral3 behavioral4
- Target
  
  Exela-V2.0-main/Exela.py
- Size
  
  140KB
- MD5
  
  53d0f2edf910d03bf6a5b2a2806adf02
- SHA1
  
  48beb9f2cca54ffc5e19c829bcaf03b167ea7eb4
- SHA256
  
  ff0b26b330f3bddc1a9eba6dae2bc4f8609fc85592f8f3c6344f2907a7a57cf9
- SHA512
  
  f4cb0a556441097021a53c09105793fc7cca4240b1471a486b665849fd2d498afb007485bec284b02e4a68aec012e6e4b6b31a6e56ac712a925e66d76008b866
- SSDEEP
  
  1536:7iYj57SAiFZ49jKyZrwnuHHAz2yv07Q5lnpO0yZdaC12J0vGULqDDC/+0M4ToxK8:B7JWewygludaC2JwNYC/+sl/0
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Exela-V2.0-main/LICENSE
- Size
  
  1KB
- MD5
  
  f57ba58cdbeb92901c54411f17778ecf
- SHA1
  
  c8a7afdaf560972b15d3455b1634ffbee230c7ff
- SHA256
  
  61942d31cc5c5791bf214fbab7de4649fb4d15d5e058b2646d9ffbf40bffcac5
- SHA512
  
  536c29c8ab24fc4b03fa153cc79189a42c5eb9febb917c3460b342f93c35ef83c52e0f5f0e042dd7a25eff612094616c96e9bd9aee42423d7edc158f61701bfb
Score

1^/10
behavioral7 behavioral8
- Target
  
  Exela-V2.0-main/Obfuscator/obf.py
- Size
  
  6KB
- MD5
  
  bfbf108641c41832ac8584a6b85960cc
- SHA1
  
  978719dd1d5bf0c64138d1b5082bd2952fe99f5c
- SHA256
  
  2ba721b0f3311123399cfa098502ad53cfa4e8e0fe6ce0de65ed2c84ea1c1101
- SHA512
  
  5084d394f375de4e741da68c35387793496c8c7c7b178c40cbfa3c50fa91e99cb28cace978ca9abb4155d68adc94ef6106ab690a808285eb3e9e27e23f10a1a8
- SSDEEP
  
  192:wtcWEKm7AwfMIB/fGPEPPP8PEPyPkP/PyPfPyPtPyPaPyP+PyPMPyP5PPP8PpPyV:qpm7AQDNGPEPPP8PEPyPkP/PyPfPyPtw
Score

10^/10

exelastealer collection defense_evasion discovery evasion persistence privilege_escalation pyinstaller spyware stealer upx
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Deletes itself
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  Exela-V2.0-main/README.md
- Size
  
  7KB
- MD5
  
  5a9c53cab4888a16488776dabaa8ffa0
- SHA1
  
  819665cd8bf93032d177243a8c88a0414a5f67de
- SHA256
  
  862c3d6ddfa842f83fc5106366c8e761edda554dcb6e1d8c54b7078995c49e31
- SHA512
  
  f3cc668d6994c2877bb3ba86f1a49d2535656f030c25aae4a1ec101cf0ab7b4e78414ef00a0b0c820a9870145fc297ae4072c7711ccefcc1057435194a3ed274
- SSDEEP
  
  192:vSWDPtBfIaR6kBxowZq3THlWmpBwBOXoslY705N:vSWDVBfIaRBxowZGTHlWmIUXTYAj
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Exela-V2.0-main/UPX/upx.exe
- Size
  
  550KB
- MD5
  
  39ecdf78cb357513d1fd565c5e9edbdd
- SHA1
  
  433bb8e090e48ea304c89bab1bf1b5defaaa08d7
- SHA256
  
  1ea92da93eeaf4d456114b847b9bddfb47ef854e7c24143f290d5e3f44973e91
- SHA512
  
  e83f04a8f7f5ffe257747f5b294d17d386ce700f4c59afa6ab9c4995be8ae33d34add425472722538c429ea0decd797393d5316d620df6d2895c2930e2474efb
- SSDEEP
  
  12288:G5ngMB4arMslBeWZdK8hXN4f0K2YQpDZOBEVOEA/ToKrkW1A9N3:G9g349lPZdZ8Mg6+hB
Score

5^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  out.upx
- Size
  
  2.0MB
- MD5
  
  d1c154f7759560c82691959e4f68fd19
- SHA1
  
  60481cd8a6ccfc3d4a38992725f0e2315b43ff8f
- SHA256
  
  7b9d20097706b569d6e183372cf433739d9dedc2dcd5f955d8906f6b18e123f9
- SHA512
  
  a5fa3ea28026197bc5436a0b7dfe0d6e9a46a36e3c1e3de853bc1ba9caa157f100151dc14de196101953d3491bf407e4a519d4fc2e65ac0c08b5c47b4f5f780e
- SSDEEP
  
  24576:Wwdc9ilRcNNifj+Wf5jgz+8K7Ik66dT3gR/prvCHtg6HzRziD:WAlRcNNDy8IIktwvCRz
Score

1^/10
behavioral15 behavioral16
- Target
  
  Exela-V2.0-main/builder.py
- Size
  
  9KB
- MD5
  
  c334e5c6dbdc27f8e8b48d1dac286f23
- SHA1
  
  4bc5853e91ad009c82efb16b8b4db489ea762995
- SHA256
  
  27ebc271f47bd76b63b5f3aa36b7f0587f3bd543c9ca5e0e89719df54ef82f73
- SHA512
  
  2de1d4879194e664d5d0911d1c36b6bf7c89fc25e86890e7028398c657ecb667564df08db7d7436a04a3cf7b1db30eb8ecd252b71281ca7b1523139871c47a13
- SSDEEP
  
  192:+m8jnYv13epp3UfI2Pa/fcjzgLu1krJUPjDxsOl/Zapl:+m4nM1upp39V8ELblU7DxsOfw
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Exela-V2.0-main/install.bat
- Size
  
  877B
- MD5
  
  cd480b40656a01015f5c7e16832d3384
- SHA1
  
  c446c9cb3a534d9ea432916bbd04b466a07d4521
- SHA256
  
  c2863c67203376c14e8f2c64e16f65185d2f1272c75fe9d6b43f301ad1181d64
- SHA512
  
  0504e98fbb276374b9c3aa8edab36154b412934269d1cda99e8b0742c0f1071326cc3ad5e08e51446421dcedcce362ef6d51e22461a4267ed92f3abba0e87576
Score

1^/10
behavioral19 behavioral20