3b54a47a9e90b6be9641c9b8c23898b673e194ddd41fe68545f7dfeb2e29f32d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

xylos_working_executor.exe.exe
Size

10.2MB
Sample

240512-wm4kjscd22
MD5

0fe8e829f52a5a06b19994cb2cca3d2e
SHA1

c688faa795bf41dd4ec58ad4c7b8da105d483881
SHA256

3b54a47a9e90b6be9641c9b8c23898b673e194ddd41fe68545f7dfeb2e29f32d
SHA512

9bd3aa0bb1589a0db65825fd83ccb7d0481e94dbedff785f27c91792ec22c13b9138c1267ef67edbaf4bcfb2bb4977df3c6386f18a60da06658fd85774f0b532
SSDEEP

196608:lhqgbrdEkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfIGQfkdoXKh:rdEkfc4q1+TtIiFUY9Z8D8CcldlQNbX4

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  xylos_working_executor.exe.exe
- Size
  
  10.2MB
- MD5
  
  0fe8e829f52a5a06b19994cb2cca3d2e
- SHA1
  
  c688faa795bf41dd4ec58ad4c7b8da105d483881
- SHA256
  
  3b54a47a9e90b6be9641c9b8c23898b673e194ddd41fe68545f7dfeb2e29f32d
- SHA512
  
  9bd3aa0bb1589a0db65825fd83ccb7d0481e94dbedff785f27c91792ec22c13b9138c1267ef67edbaf4bcfb2bb4977df3c6386f18a60da06658fd85774f0b532
- SSDEEP
  
  196608:lhqgbrdEkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfIGQfkdoXKh:rdEkfc4q1+TtIiFUY9Z8D8CcldlQNbX4
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2