General
-
Target
Xylex-Executor.zip
-
Size
6.8MB
-
Sample
240527-e5q9hahc29
-
MD5
144315c7723748eebe6a90023d9ffb2f
-
SHA1
18734814e96c4d48056ac515b5b242d226ad3dfd
-
SHA256
07be971329ef709cbf33bb03c6d98ddce6acea116877469f883af72706ac18d3
-
SHA512
02e5bea27c85b025b4e3069b5e64d98c262b8dfb3944132c638ce29a5619b6a4295562a820ebecb6069e0070c8825d54d29be80b918f5a6e9358a31753f6fd0a
-
SSDEEP
196608:J0xm3QMMDXgZ79KJtEboNs7LXKgwf1Aui:xSUZ78TEUNs7LXDw9Aui
Behavioral task
behavioral1
Sample
Executor/Xylex-ExecutorV2.exe
Resource
win7-20240215-en
Malware Config
Targets
-
-
Target
Executor/Xylex-ExecutorV2.exe
-
Size
6.9MB
-
MD5
20d8ae67143710a585884b9fe368a5d7
-
SHA1
c8cef7f07490294bffad57630165cec7229232ed
-
SHA256
09d433977110c5115cde8f3236dd9717d0e5d923cbd5f3041d6a45afabd47bb2
-
SHA512
24ab172bb32e12ce2106e7d7bd060acc533ef54cf4fbab84c26d3cb333ac2d78a60dd7d0fc01d88fa7ec5bfea92f7896e60b6ba097872e3fea7f77cc611f1a92
-
SSDEEP
196608:drtP0QKeNTfm/pf+xk4dWRGtrbWOjgWy6:jFy/pWu4kRGtrbvMWy6
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-