Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Exela.exe

  • Size

    10.9MB

  • Sample

    241216-d3yecstlhp

  • MD5

    569f1635e5b478ffa5bbee02ea77214f

  • SHA1

    bebb4392b6d48c09240d7982354e20473cc5018c

  • SHA256

    5b12ec859bd90304a7a2efca2e74e60bc9770788b8c962dab08d7cc0f935d239

  • SHA512

    6ca40b5e6f7f606bb46256bbacbcb58c703bb1d2e25caed9512e4ffd70bdf3747e62e53f8eb970513f4ff03c6c470868a857ada9b8166fec6823f3dd022a298a

  • SSDEEP

    196608:FWKASm9cemXyuSyTde8zveNK+wfm/pf+xfdkRixKEr2WOHWKD39eH:WSm/tByxjgK+9/pWFGRi0Er2W673MH

Malware Config

Targets

    • Target

      Exela.exe

    • Size

      10.9MB

    • MD5

      569f1635e5b478ffa5bbee02ea77214f

    • SHA1

      bebb4392b6d48c09240d7982354e20473cc5018c

    • SHA256

      5b12ec859bd90304a7a2efca2e74e60bc9770788b8c962dab08d7cc0f935d239

    • SHA512

      6ca40b5e6f7f606bb46256bbacbcb58c703bb1d2e25caed9512e4ffd70bdf3747e62e53f8eb970513f4ff03c6c470868a857ada9b8166fec6823f3dd022a298a

    • SSDEEP

      196608:FWKASm9cemXyuSyTde8zveNK+wfm/pf+xfdkRixKEr2WOHWKD39eH:WSm/tByxjgK+9/pWFGRi0Er2W673MH

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempt to gather information on host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.