exelastealer | 7b13c21c7c7fdf7b6fc3e558c5ffbc0424b92d69e1320fdfda04f1d1b91a42a5

General

Target

Exela.rar.zip
Size

80KB
Sample

241028-x8skvawaml
MD5

2db8e7e3cad194c423b148c4a35aa86f
SHA1

35fa7de60865ca536139ecabefe4d8f16b0f7a04
SHA256

7b13c21c7c7fdf7b6fc3e558c5ffbc0424b92d69e1320fdfda04f1d1b91a42a5
SHA512

f14ec6e6b9c8a474bc7c47a2e3af9c349586134e8e22c56cd92f360248fecbf768c2e149e4eaac2f315f7b5528af92842334704aa1cb993179ba7089eb277d94
SSDEEP

1536:k8wzv2M52fIi/fn2BHHuGh/uMPW9KSU795kBQ+VhlEiJzb5qWcGkMRNi:k8wzvx2J/GuG5B9+V/DzkMG

Score

10^/10

Malware Config

Extracted

Family

exelastealer

C2

https://discord.com/api/webhooks/1152920158470414406/e6cZMhR2c46WKJhAHuxbkYiUUJtxA61zPHZaJSHYHMBE8RWYV1mQZ1ZfleRCDXbyLf_t

Targets

- Target
  
  bf5d70ca2faf355d86f4b40b58032f21e99c3944b1c5e199b9bb728258a95c1b
- Size
  
  99KB
- MD5
  
  369f704a2f7482c34be13941454e57c9
- SHA1
  
  343cff02d08a56f75d76052d541a21ba39081d8a
- SHA256
  
  bf5d70ca2faf355d86f4b40b58032f21e99c3944b1c5e199b9bb728258a95c1b
- SHA512
  
  43fdb5bc0d8fadfa5b778639dd99ce767834c19b935f20607029ced8995f73fb408f01398a7014b33749355d2d6542df203bdf96660345df2ec38eeade5578d4
- SSDEEP
  
  1536:6OrgQySDTYowOxhyR999vAFH/N1k7SZCHvqxuV/QHzw4iQMTqncAd8zul:QGMt999vUHF5ZCHvguV/QHzw2MTqFas
Score

10^/10

exelastealer discovery persistence privilege_escalation spyware stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Exelastealer family
  exelastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  e9e59ca2c8e786f92e81134f088ea08c53fc4c8c252871613ccc51b473814633
- Size
  
  89KB
- MD5
  
  b53eee189e09945c07a464d82be57e4e
- SHA1
  
  93bf21ecb240ba177734600f6eef642f8a41f229
- SHA256
  
  e9e59ca2c8e786f92e81134f088ea08c53fc4c8c252871613ccc51b473814633
- SHA512
  
  6a7bc4d1447f5cc906152c591e1f2737c22059d1915febcbe8906eb9fcf2da3e9b33de215ce4498ed01024b57a7e12e9801c4907ca4109e01f94180545782a61
- SSDEEP
  
  1536:EOrgQySDTYowOxhyR999vAFH/N1k7SZCHvqxuV/QHzw4iQMTq:uGMt999vUHF5ZCHvguV/QHzw2MTq
Score

10^/10

exelastealer discovery persistence privilege_escalation spyware stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Exelastealer family
  exelastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4