exelastealer | 7507e3bb19c671257603fa38f1460c1614b839477e280ef079966cb3fbd93956

General

Target

monster.exe.zip
Size

10.7MB
Sample

241028-yalkbawapp
MD5

2be834818726e557d8bb9954329db127
SHA1

fd79843a938e9a1fe9b5aded938d2d06ff0cadab
SHA256

7507e3bb19c671257603fa38f1460c1614b839477e280ef079966cb3fbd93956
SHA512

cbbd03bf7175c9e39e46597d60c8fbfba8d7fb5ab429fa0039ff2c9f41b8c1a9d0bde6a69b914c9d833a9922dc084ebf91023e09f9f54031cc594766f8b12e69
SSDEEP

196608:t3Qiyquc4X2niwqIqxEN5ABRFdSrXIfBswwIavWH9Q7aTWJKg5G4Of6x:t3QNbcIyfeo5c2rXI+xvtOTWEgZB

Score

10^/10

Malware Config

Targets

- Target
  
  monster.exe.bin
- Size
  
  10.7MB
- MD5
  
  3f4f5c57433724a32b7498b6a2c91bf0
- SHA1
  
  04757ff666e1afa31679dd6bed4ed3af671332a3
- SHA256
  
  0608a7559f895fab33ae65bbfbdc5bebd21eea984f76e1b5571c80906824d665
- SHA512
  
  cf572ca616b4f4e6e472e33e8d6d90b85d5885fa64d8bca4507450d66d65057efa771f58c31ea13f394fd0e7b0ff2fcaa9d54c61f28b27b98a79c27bc964f935
- SSDEEP
  
  196608:mRu4YAJSAfoaqA6U+L5LsSmyYbH6t08RMQcCqcGUIRBw0xvH77Y:2u4YAJSAfoaZ0sSmpH6W8R/RVIc2vH7
Score

10^/10

monster stealer exelastealer collection defense_evasion discovery evasion persistence privilege_escalation spyware
- Detects Monster Stealer.
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Exelastealer family
  exelastealer
- Monster
  Monster is a Golang stealer that was discovered in 2024.
  stealer monster
- Monster family
  monster
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2