exelastealer | 0a90362ad75bed4a002981211d2ac7a78513025e92ad5e6fa0db80cf1f11e3f0

General

Target

Exela.exe
Size

11.8MB
Sample

250321-wfzysaylw2
MD5

d75b9637a5545a8b1d14ad58f830df88
SHA1

539a1d800b685eabdb6b9a0c4200b9c07a5a23b3
SHA256

0a90362ad75bed4a002981211d2ac7a78513025e92ad5e6fa0db80cf1f11e3f0
SHA512

ab77120f762b38a2e7d9133ad863fe2bc9dbdcb87d63fc0cec35976cc7935d5d44a8442879b138acca04360a16fd4f36814f1e9bbc9fb4bc311af3af37bca283
SSDEEP

196608:M0fNCNKA2WkJuG0bBrmRXwXXXveNC+wfm/pf+xfdjSEqRuRpzxKMr2WOHWnD3ueH:nNqLWgXMC+9/pWF8NRY0Mr2W603BH

Score

10^/10

Malware Config

Targets

- Target
  
  Exela.exe
- Size
  
  11.8MB
- MD5
  
  d75b9637a5545a8b1d14ad58f830df88
- SHA1
  
  539a1d800b685eabdb6b9a0c4200b9c07a5a23b3
- SHA256
  
  0a90362ad75bed4a002981211d2ac7a78513025e92ad5e6fa0db80cf1f11e3f0
- SHA512
  
  ab77120f762b38a2e7d9133ad863fe2bc9dbdcb87d63fc0cec35976cc7935d5d44a8442879b138acca04360a16fd4f36814f1e9bbc9fb4bc311af3af37bca283
- SSDEEP
  
  196608:M0fNCNKA2WkJuG0bBrmRXwXXXveNC+wfm/pf+xfdjSEqRuRpzxKMr2WOHWnD3ueH:nNqLWgXMC+9/pWF8NRY0Mr2W603BH
Score

10^/10

upx exelastealer collection defense_evasion discovery persistence privilege_escalation spyware stealer
- Exela Stealer
  Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
  stealer exelastealer
- Exelastealer family
  exelastealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  defense_evasion
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Stub.pyc
- Size
  
  874KB
- MD5
  
  1878429e557ab3b7c40255159873a138
- SHA1
  
  424cf7f25e131cc063b25d5f7705732166b4d8b0
- SHA256
  
  d4d6821b1df9f5640fb71ae5690affa44999f2cec7d2fe2a79100670b9a33e5c
- SHA512
  
  e3731625096cacf35f08b4d5d3c5434cb11693c250515e7b8469ce0e0afface44801d4219d27c9e6e6b0ffe32901ca7aeb6660091a924d9fc27f9809d8bbb918
- SSDEEP
  
  12288:sqQYfO1BuUy5b16GHBkj6WhSV/4+WTsa7Oz6gMSaATWX4pzMVHDWFNh+:sqQYOuUy6GtVg9OzNxVpAoFNh+
Score

3^/10
behavioral3 behavioral4