General
Target: Xylex-Executor.exe
Size: 10.9MB
Sample: 240505-s5h5saea7w
MD5: 13193ff628a2dcb77215278237789854
SHA1: 5f7f1dbafc5a0b72db0425bb7be081f227034994
SHA256: fa9e580d42e1779416aacd9e607f91ffb317411485f1ea7576b53e07ad8d4df1
SHA512: 35037d4bef970b27bc8f40d8859b6dc19ae6596af880124cb7e173d1876e96867a3fcf8e21fb28559d3c3d4d03481780cb1c3d80626905aef3b7f32245af1286
SSDEEP: 196608:Gt6LxwYlz2Jp5UfDC3njkY49eNz4+2Pfm/pf+xZfdcRBZZWKsnqrMWOzW0DjqT:M6KYh2Jp5qC3njkGz4+2m/pWvfCRB7B3
Behavioral tasks
behavioral1: Xylex-Executor.exe, resource win7-20240215-en
behavioral2: Xylex-Executor.exe, resource win10v2004-20240419-en
behavioral3: Stub.pyc, resource win7-20240221-en
behavioral4: Stub.pyc, resource win10v2004-20240426-en
Malware Config
Targets

Target: Xylex-Executor.exe
Size: 10.9MB (hashes as listed under General above)
Score: 9/10
Signatures:
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: Stub.pyc
Size: 875KB
MD5: f9831a9a3ff275207efa27868672503d
SHA1: a85c50e5a9dae11ac402daaba0e4c2762e839af0
SHA256: f683502becd15ec94f2d3175add74a6c8759178a617e15d3801d11bb2d4c92eb
SHA512: 8a671e751443fe48fa156cb1de646782db8fd1a2a59b8fa0e8247bc0a91b1aacab3a058bb5d9c617dc40970b47d96a84ad34a4d55216bdcac6f3e378610f03dc
SSDEEP: 24576:OONIZ/KW//MzIrMbYw3UgD1+J3BadmuPP:OV/MkrMblUgU7Y
Score: 3/10
MITRE ATT&CK Enterprise v15
Persistence
- Account Manipulation (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Account Manipulation (1)
- Create or Modify System Process (1): Windows Service (1)