exelastealer | 22905cd74085b5b80d07f0ec1cd0ed187400ac63e4601c0244317b60206ae0b7

General

Target

VytrixDuper.zip
Size

12.7MB
Sample

241112-dxl45sxjbk
MD5

bbadc655d26d8e97391bb1c2bc0450ad
SHA1

94e9183777d5a60a984faaa7563e9e7a0b47c7d5
SHA256

22905cd74085b5b80d07f0ec1cd0ed187400ac63e4601c0244317b60206ae0b7
SHA512

9e7e02e85a670ca7469aebd069812df6fa0cbe2c300897b76c938559c4fc1756e95162e5f84d25851e166836bece627cd03e740d3ecd9a76aac63cdd2a9ca9dc
SSDEEP

393216:rVjp/9SpZfeHvQmH7i3zqFCWsLhbauQUAK3V8Q:P/GZObi3Z5LYuV8Q

Score

10^/10

Malware Config

Targets

- Target
  
  Requirements installer.bat
- Size
  
  579B
- MD5
  
  0731cb4896061c40bdab8f55ce5917c8
- SHA1
  
  e4862132209e887b39b3b39bcb0b359718b893a7
- SHA256
  
  13a491dcfdae51bc4ac63144b494932690ecbc5d99646b039e65ed26a141a5bc
- SHA512
  
  f76a0e38bbbdc18ccb77ca108e6d3eef3d4bb769bb2412c8533253658b45594cf37b8571417dd4d1671b51acf4508373af97db130bfd25e32a23ab6509307f84
Score

1^/10
behavioral1 behavioral2
- Target
  
  Source Code.py
- Size
  
  6KB
- MD5
  
  b8aa439871282435fe23e9fc8b982dc6
- SHA1
  
  3cd1425a62afbd2aa49fc528f4d9fac3d0cae728
- SHA256
  
  41cb1957be003b597652b9f97ae324366bea9992c2a4ffb88c4346999d54b7df
- SHA512
  
  ee78ddf1797f4338eb3269b56fa68270efe7a4cc80a234706eef4bc73b14376864513371dd3116f893fc6ac6a8e86c31b0434edd6ca89ba63a75174b5d6a0a55
- SSDEEP
  
  96:Xw1Tw/hL8s/cjbID/HWas5mNPKJ0GPafXcvwtozyJXgv3+YGMyFmnlsP:Aw/hL8s/cjO/H0mNPw8Xcvkoo4uBwlk
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  VytrixDuper.exe
- Size
  
  22.8MB
- MD5
  
  d13ae015a085b21c90f987ed36574e2d
- SHA1
  
  2488d03a0b5f72153c89089536d8c2d27527e973
- SHA256
  
  c0a3974d6029fd96b68a40c3fe56c56868a1c68ef9a128ae7d9c24ddc5785c5b
- SHA512
  
  29e0d67b71ac7aec66de9b38edeea15159e50fa7a4d96925dc578ab5ae7f31509716a7b15eadb7e1eeb614762332ca95692eb423488912b3bd9bd28c6a07601c
- SSDEEP
  
  393216:uJ/+tByxjBIn8iK1piXLGVEgMv0XXsgyYWZBo:DtAjhDiXHjvmYBo
Score

10^/10

upx exelastealer collection defense_evasion discovery evasion persistence privilege_escalation spyware stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Exelastealer family
  exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6