dc27c8f9f692b5e118ed3151d587dfab9ae74942655b989f9f05718b80c3a2ca

General

Target

Xylex_Aimlock_V1.2.zip
Size

10.8MB
Sample

240510-rr8ylsdg48
MD5

30549c95f6486f311969a41672ca7370
SHA1

0fe8e72c88efefb44d5863146ef0b57033950bd1
SHA256

dc27c8f9f692b5e118ed3151d587dfab9ae74942655b989f9f05718b80c3a2ca
SHA512

35cee882767ca0f269a80133882b3fda7d5aec507d4b60df4f3964424d0fe6527462bc69cfeb05022bda2eb19ebcd8812d3e1a9d649758f80610de66e69cf794
SSDEEP

196608:JVpn3Ng0xjefZjC7FidbT4GQeULIaMl7cBdPojBm/ZDMdLqwaXnjGOTSGv9Aoq:JVpO0xefZjyidbT4nIaMKBdAtmxDMp9N

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/ptsd9/script/releases/download/launcher/launcher.exe

Targets

- Target
  
  Xylex_Aimlock_V1.2.zip
- Size
  
  10.8MB
- MD5
  
  30549c95f6486f311969a41672ca7370
- SHA1
  
  0fe8e72c88efefb44d5863146ef0b57033950bd1
- SHA256
  
  dc27c8f9f692b5e118ed3151d587dfab9ae74942655b989f9f05718b80c3a2ca
- SHA512
  
  35cee882767ca0f269a80133882b3fda7d5aec507d4b60df4f3964424d0fe6527462bc69cfeb05022bda2eb19ebcd8812d3e1a9d649758f80610de66e69cf794
- SSDEEP
  
  196608:JVpn3Ng0xjefZjC7FidbT4GQeULIaMl7cBdPojBm/ZDMdLqwaXnjGOTSGv9Aoq:JVpO0xefZjyidbT4nIaMKBdAtmxDMp9N
Score

10^/10

evasion pyinstaller spyware stealer upx
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Xylex Aimlock/bin/launcher.exe
- Size
  
  10.9MB
- MD5
  
  15916166c043ce50f37b0a65f4c5d751
- SHA1
  
  1ef18a33a5c982514382aba053bee695281ca291
- SHA256
  
  09ff479a5a9d03f909fd4832b51dbafab4758717624852e697edc8eea26c4086
- SHA512
  
  1bac7ddd8dfd6b9debf75ea98025770db752889fac5b4b33c1a928097cc57f4f8662ee6173e88840ff9f08e325e2fff2238b6e18fa5b64e26ab9bfd1a7da439d
- SSDEEP
  
  196608:tH5gJpDqAlz2Jp5UfDC3njkY4KeNM++2Pfm/pf+xZTdnRSZZWKsnqrMWOzW0DjqT:l5gaAh2Jp5qC3njklM++2m/pWvTlRS79
Score

9^/10

evasion pyinstaller spyware stealer upx
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2