General

  • Target

    Exela.exe

  • Size

    14.3MB

  • Sample

    241018-3l949swfjp

  • MD5

    941c26e257d01333a0cf14810df59bb6

  • SHA1

    70f8bebd9eeae1d9b9b952f3d0e807bb2499c852

  • SHA256

    09e52a08f8c4b9f9c4bfd03fe39f4b0fa65dbe66449c8f92ef15e5bcb6cc7c3f

  • SHA512

    3fdc9311dde2adbd8da8392b0c2390cb6f2c9a7431fbfafe25a28a85b05f299f3721d116820564ea4e3665cfaeb3640abe1f2d747361b0c96dc78f3d9168fc81

  • SSDEEP

    393216:MVeS3TGz7k/urEUWjuy3zYNUX0ydIepTkfLCH:Wu72dbuykUPDpTj

Malware Config

Targets

    • Target

      Exela.exe

    • Size

      14.3MB

    • MD5

      941c26e257d01333a0cf14810df59bb6

    • SHA1

      70f8bebd9eeae1d9b9b952f3d0e807bb2499c852

    • SHA256

      09e52a08f8c4b9f9c4bfd03fe39f4b0fa65dbe66449c8f92ef15e5bcb6cc7c3f

    • SHA512

      3fdc9311dde2adbd8da8392b0c2390cb6f2c9a7431fbfafe25a28a85b05f299f3721d116820564ea4e3665cfaeb3640abe1f2d747361b0c96dc78f3d9168fc81

    • SSDEEP

      393216:MVeS3TGz7k/urEUWjuy3zYNUX0ydIepTkfLCH:Wu72dbuykUPDpTj

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempt to gather information on host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.