exelastealer | bad696a4fb418442c9b6531d1cbe686e3a5d835c344775ab4d941eb2ce43b784

General

Target

SecuriteInfo.com.Win64.MalwareX-gen.28480.11199.zip
Size

10.4MB
Sample

241028-ygny1swaph
MD5

1ce70adb505c5dec842246a035a12b1b
SHA1

84208da481804642153c5e25cbb8b15c059dbb7d
SHA256

bad696a4fb418442c9b6531d1cbe686e3a5d835c344775ab4d941eb2ce43b784
SHA512

a6db92705f0d2b208532d78dbbed4682fcb00f2534722dcd7b9409021d3a258a301fbb534d6a5c96c36ee88d40ef19d1bc46bcb4d909db72fe4a7c8d420a2082
SSDEEP

196608:vtZjIcag0WFP8lqJ+g5QCKLIV5/65QiEpuTziGNfC8wLma9D3r+n9a6K5/cfRoae:v/zECJ+yqi65apuiGNNwig+n9B2/gSae

Score

10^/10

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Win64.MalwareX-gen.28480.11199
- Size
  
  10.5MB
- MD5
  
  a5c740eb48fafb9b25d06c22b6f4a7e9
- SHA1
  
  70a24d83379e205bbbcda72da177fa0baae2be7f
- SHA256
  
  93429472073d0794c411a71f2f161aa8d7b8c51606ab497175cc5863fea7fba8
- SHA512
  
  524b83c112064bafbec17b43ef03f5f41888c584fc0baf2da59e58befa40b4cb7920f6e4a6f598289749919fbf7394a74352c0b301d1d1594e133aaf96cd3808
- SSDEEP
  
  196608:2eoNf7uyka/QRjnlhJPPyEhQVM1LPg8TFhaF08ckcNy9i4KuZp2E8rK:27NFEj3pHhQVEPg8TFhN8eOPKuX2EV
Score

10^/10

monster stealer exelastealer collection defense_evasion discovery evasion persistence privilege_escalation spyware
- Detects Monster Stealer.
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Exelastealer family
  exelastealer
- Monster
  Monster is a Golang stealer that was discovered in 2024.
  stealer monster
- Monster family
  monster
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2