MozellaELF
Linux ELF 64-bit PyInstaller-bundled credential stealer whose filename (mozella) imitates the Mozilla brand. Uses the Python requests.cookies and http.cookies modules for browser cookie theft. Suspicious domains: unittest.ru and unittest.su (Russian/Soviet TLDs). Uses socket + base64 for exfiltration.
Threat Profile
Type: Infostealer
Programming Language: Python/PyInstaller
C2 Protocol: HTTP
First Seen: 2024
Targets
Linux Systems
Purpose / Capabilities
- Cookie Stealer
No C2 servers have been identified for this family yet.
Research Reports (1)
MozellaELF d77dd11f -- Mozilla Imitation Linux ELF 64-bit PyInstaller Cookie Stealer unittest.ru unittest.su Suspicious Russian TLD socket requests.cookies base64 | Medium
MozellaELF d77dd11f Linux ELF x64 6.3MB PyInstaller. Mozilla-imitating name mozella. unittest.ru unittest.su Russian TLD. socket + http.cookies + requests.cookies + base64 capability.