General
-
Target
Exela.exe
-
Size
10.8MB
-
Sample
241206-senbtatjas
-
MD5
b4f2a6516ec981199db1409647eed245
-
SHA1
77c3aaa345fa6e38e750bae5931b040cf8e72a55
-
SHA256
def8aa5e2894d2cb1528a77b569bd14fea9005e32579c2f55194ab540e6cfd8f
-
SHA512
6cecb82da25f9ffc5f041bb2937f342dc47ccf01fcd60fbd750bed6cef9110142781e882e9e16564ae3df920328f24ab6f0e9daf3a24ea586662d7aabeec7634
-
SSDEEP
196608:uuAu0kl8lKAggiivNm1E8giq1g9mveNo+wfm/pf+xfdkR+QxxK3r2WOHWKD3beH:NAu0+aqi1m1Nqao+9/pWFGR+e03r2W6w
Behavioral task
behavioral1
Sample
Exela.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Exela.exe
-
Size
10.8MB
-
MD5
b4f2a6516ec981199db1409647eed245
-
SHA1
77c3aaa345fa6e38e750bae5931b040cf8e72a55
-
SHA256
def8aa5e2894d2cb1528a77b569bd14fea9005e32579c2f55194ab540e6cfd8f
-
SHA512
6cecb82da25f9ffc5f041bb2937f342dc47ccf01fcd60fbd750bed6cef9110142781e882e9e16564ae3df920328f24ab6f0e9daf3a24ea586662d7aabeec7634
-
SSDEEP
196608:uuAu0kl8lKAggiivNm1E8giq1g9mveNo+wfm/pf+xfdkR+QxxK3r2WOHWKD3beH:NAu0+aqi1m1Nqao+9/pWFGR+e03r2W6w
-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Exelastealer family
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1