exelastealer | 4b06ec6ebe8bf2c37a99083e8d8f592a99572a4691aad07b22ef16d43de8494f

General

Target

ElectronV3.zip
Size

37.5MB
Sample

241102-mvb1tsvkdn
MD5

a617668db25d48ad88cd32570ee28a03
SHA1

8c2f35f5c508923f7c4e75ada7fb595b184b512c
SHA256

4b06ec6ebe8bf2c37a99083e8d8f592a99572a4691aad07b22ef16d43de8494f
SHA512

c3b43c2ece69f4e32024a0ec17ab3f6aed13315f1f46638d2b46faf7bee826d6c7b347820fc175ba3d2446214265ed4be46a08f6c4895a7a4dac2f8dee2f4779
SSDEEP

786432:mTyXHeI/4x5x1JhA8WOwHHWydr8hDAF/Cjw+yAVAvogkrfzoP5A5k:mTOHeImnJHzmxdr8htjEsAgNoP50k

Score

10^/10

Malware Config

Targets

- Target
  
  ElectronV3.zip
- Size
  
  37.5MB
- MD5
  
  a617668db25d48ad88cd32570ee28a03
- SHA1
  
  8c2f35f5c508923f7c4e75ada7fb595b184b512c
- SHA256
  
  4b06ec6ebe8bf2c37a99083e8d8f592a99572a4691aad07b22ef16d43de8494f
- SHA512
  
  c3b43c2ece69f4e32024a0ec17ab3f6aed13315f1f46638d2b46faf7bee826d6c7b347820fc175ba3d2446214265ed4be46a08f6c4895a7a4dac2f8dee2f4779
- SSDEEP
  
  786432:mTyXHeI/4x5x1JhA8WOwHHWydr8hDAF/Cjw+yAVAvogkrfzoP5A5k:mTOHeImnJHzmxdr8htjEsAgNoP50k
Score

10^/10

pyinstaller upx exelastealer collection defense_evasion discovery evasion persistence privilege_escalation spyware stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Exelastealer family
  exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  ElectronV3/ElectronV3.exe
- Size
  
  37.8MB
- MD5
  
  8fe4c19f89235c08d6676afba340c5b4
- SHA1
  
  198d1576fa13ba1147b0ccf01e4aba9886ae44e3
- SHA256
  
  9372ae0dcd737e61bfa791161ece3728963129c707fe7af5cc710be56c459b79
- SHA512
  
  8e17449cf72c3dea91a5ebac6e477291d63a0341bd673fb0453c8271dc913a34dfaa87143b806e66eb704778890f187416f88615768b6df9f184955d77b584d8
- SSDEEP
  
  786432:WCXvCOtmPf155bG8YCQDf4ejpmFBa3feLeKyQh/7K4rv3Fqbd:WAvCOUX5LdSrjpmFTLEw/GUqbd
Score

10^/10

upx exelastealer collection defense_evasion discovery evasion persistence privilege_escalation spyware stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Exelastealer family
  exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  Stub.pyc
- Size
  
  37.6MB
- MD5
  
  f62dfe77cdc349ad6ea458228553e85c
- SHA1
  
  6600fa3142a904c6f055a2201ebd17f29ad4b432
- SHA256
  
  c605c1ab38bf679a6b9fc20fbaec2cb2581f8fdde54f9443da7335521ac2fc3e
- SHA512
  
  facef021d052b7dbbef914cd29b9fd50fcebdeef0106fcc3260f4dd51d0c461955a95b35a2d93a2792c6d33d635854a0bd74adbb717eb0bf745cd25317a458a5
- SSDEEP
  
  49152:JIrphtwKYAWwJDlI7bgJLR9MtjoHYbpR1US+txhpSF6wQOmi9Il+Nc2N8wkciYL5:P
Score

3^/10

discovery
behavioral5 behavioral6