General

  • Target

    Xylex-ExecutorV2.exe

  • Size

    6.9MB

  • Sample

    240527-rtv5jagf86

  • MD5

    20d8ae67143710a585884b9fe368a5d7

  • SHA1

    c8cef7f07490294bffad57630165cec7229232ed

  • SHA256

    09d433977110c5115cde8f3236dd9717d0e5d923cbd5f3041d6a45afabd47bb2

  • SHA512

    24ab172bb32e12ce2106e7d7bd060acc533ef54cf4fbab84c26d3cb333ac2d78a60dd7d0fc01d88fa7ec5bfea92f7896e60b6ba097872e3fea7f77cc611f1a92

  • SSDEEP

    196608:drtP0QKeNTfm/pf+xk4dWRGtrbWOjgWy6:jFy/pWu4kRGtrbvMWy6

Malware Config

Targets

    • Target

      Xylex-ExecutorV2.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      �M���.pyc

    • Size

      1KB

    • MD5

      fad505cf76ca53913a78ef61bdc5b875

    • SHA1

      4c2aa4c2081d1a80b3ab0b14c7d1ebbed42633cc

    • SHA256

      cb3cd2279a53edee7d6c811b80d1bc9c46a5f91165392096ecad1c4667955494

    • SHA512

      eb134a029713dc8e0612dbdc67c8077cdd12f0a9a42a0f8244fcad0a2b551c774b501ebd3f1bf849944df7988c6d89a2d9eedd160d56d099cf2369f21ff6946a

    Score
    1/10

MITRE ATT&CK Enterprise v15