A set of tools for extracting information from a Xelera ransomware executable.
Note: Xelera ransomware is unlikely to become widespread. It appears to be a one-off solution, and its code quality is notably poor.
Read more: Seqrite Blog - Xelera Ransomware
- decrypt_notoken887.py – Decrypts encrypted notoken887 output from final.pyc.
- get_crypto_address.py – Extracts the Litecoin address from imports.pyc.
- get_bot_token.py – Retrieves the Discord bot token from imports.pyc.
- main.py – Retrieves bot token and Litecoin address from Xelera executable.
- Run the desired script and follow the instructions in the terminal.
- pyinstxractor-ng for extracting the contents of a PyInstaller executable.
For research and educational purposes only. Use responsibly.