General

  • Target: Exela.rar
  • Size: 80KB
  • Sample: 241028-x6c3davgqd
  • MD5: 466ef43e185994b44cd1f102cdc998dd
  • SHA1: 4ef3200334f4bdb5a99bf7061277d6514dc39b44
  • SHA256: 20dc14f060d36116c0e077dace773cb6a2d0571bc6238e51b6ad3237826d3b58
  • SHA512: a187ea92a866d24287c9d5910be4b8d84fc5b27c99485bd3f1e8fd4f364b2a21788f2fb3978bc7315b787ec1041c382d27fc6346d61b5b50271b9ec36bbfef72
  • SSDEEP: 1536:84w0wKjTh4U/1x1cMQqKQqNzWSdgM1gIkO/9UbxZbY6zc7/U/6q6v:8vLKmyvxKQqVWSlanxZfzQq6v

Malware Config

Extracted

  • Family: exelastealer
  • C2: https://discord.com/api/webhooks/1152920158470414406/e6cZMhR2c46WKJhAHuxbkYiUUJtxA61zPHZaJSHYHMBE8RWYV1mQZ1ZfleRCDXbyLf_t

Targets

    • Target: bf5d70ca2faf355d86f4b40b58032f21e99c3944b1c5e199b9bb728258a95c1b
    • Size: 99KB
    • MD5: 369f704a2f7482c34be13941454e57c9
    • SHA1: 343cff02d08a56f75d76052d541a21ba39081d8a
    • SHA256: bf5d70ca2faf355d86f4b40b58032f21e99c3944b1c5e199b9bb728258a95c1b
    • SHA512: 43fdb5bc0d8fadfa5b778639dd99ce767834c19b935f20607029ced8995f73fb408f01398a7014b33749355d2d6542df203bdf96660345df2ec38eeade5578d4
    • SSDEEP: 1536:6OrgQySDTYowOxhyR999vAFH/N1k7SZCHvqxuV/QHzw4iQMTqncAd8zul:QGMt999vUHF5ZCHvguV/QHzw2MTqFas

    • Exela Stealer

      Exela Stealer is an open-source stealer, first observed in August 2023, that was originally written in .NET and later ported to Python.

    • Exelastealer family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Target: e9e59ca2c8e786f92e81134f088ea08c53fc4c8c252871613ccc51b473814633
    • Size: 89KB
    • MD5: b53eee189e09945c07a464d82be57e4e
    • SHA1: 93bf21ecb240ba177734600f6eef642f8a41f229
    • SHA256: e9e59ca2c8e786f92e81134f088ea08c53fc4c8c252871613ccc51b473814633
    • SHA512: 6a7bc4d1447f5cc906152c591e1f2737c22059d1915febcbe8906eb9fcf2da3e9b33de215ce4498ed01024b57a7e12e9801c4907ca4109e01f94180545782a61
    • SSDEEP: 1536:EOrgQySDTYowOxhyR999vAFH/N1k7SZCHvqxuV/QHzw4iQMTq:uGMt999vUHF5ZCHvguV/QHzw2MTq

    • Exela Stealer

      Exela Stealer is an open-source stealer, first observed in August 2023, that was originally written in .NET and later ported to Python.

    • Exelastealer family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

MITRE ATT&CK Enterprise v15

Tasks