exelastealer | Exela[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Exela.rar
Size

80KB
MD5

466ef43e185994b44cd1f102cdc998dd
SHA1

4ef3200334f4bdb5a99bf7061277d6514dc39b44
SHA256

20dc14f060d36116c0e077dace773cb6a2d0571bc6238e51b6ad3237826d3b58
SHA512

a187ea92a866d24287c9d5910be4b8d84fc5b27c99485bd3f1e8fd4f364b2a21788f2fb3978bc7315b787ec1041c382d27fc6346d61b5b50271b9ec36bbfef72
SSDEEP

1536:84w0wKjTh4U/1x1cMQqKQqNzWSdgM1gIkO/9UbxZbY6zc7/U/6q6v:8vLKmyvxKQqVWSlanxZfzQq6v

Score

10^/10

exelastealer

Malware Config

Extracted

Family

exelastealer

https://discord.com/api/webhooks/1152920158470414406/e6cZMhR2c46WKJhAHuxbkYiUUJtxA61zPHZaJSHYHMBE8RWYV1mQZ1ZfleRCDXbyLf_t

Signatures

Exelastealer family
exelastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e9e59ca2c8e786f92e81134f088ea08c53fc4c8c252871613ccc51b473814633

Files

Exela.rar
.rar

Password: infected
bf5d70ca2faf355d86f4b40b58032f21e99c3944b1c5e199b9bb728258a95c1b
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:54:27:84:0e:b1:97:c6:3b:17:3e:50:d7:de:fd:c5:cb:c5:8e:89:53:3f:a6:af:a4:b2:8a:e9:6b:14:e8:99
Signer

Actual PE Digest

80:54:27:84:0e:b1:97:c6:3b:17:3e:50:d7:de:fd:c5:cb:c5:8e:89:53:3f:a6:af:a4:b2:8a:e9:6b:14:e8:99

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\chall\source\repos\Exela\Exela\obj\Release\Exela.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e9e59ca2c8e786f92e81134f088ea08c53fc4c8c252871613ccc51b473814633
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\chall\source\repos\Exela\Exela\obj\Release\Exela.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cbCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

80:54:27:84:0e:b1:97:c6:3b:17:3e:50:d7:de:fd:c5:cb:c5:8e:89:53:3f:a6:af:a4:b2:8a:e9:6b:14:e8:99Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 87KB - Virtual size: 86KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 87KB - Virtual size: 86KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

80:54:27:84:0e:b1:97:c6:3b:17:3e:50:d7:de:fd:c5:cb:c5:8e:89:53:3f:a6:af:a4:b2:8a:e9:6b:14:e8:99
Signer

.text
Size: 87KB - Virtual size: 86KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 87KB - Virtual size: 86KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B