General

Target: Xylex-ExecutorV2.exe
Size: 6.9MB
Sample: 240527-rtv5jagf86
MD5: 20d8ae67143710a585884b9fe368a5d7
SHA1: c8cef7f07490294bffad57630165cec7229232ed
SHA256: 09d433977110c5115cde8f3236dd9717d0e5d923cbd5f3041d6a45afabd47bb2
SHA512: 24ab172bb32e12ce2106e7d7bd060acc533ef54cf4fbab84c26d3cb333ac2d78a60dd7d0fc01d88fa7ec5bfea92f7896e60b6ba097872e3fea7f77cc611f1a92
SSDEEP: 196608:drtP0QKeNTfm/pf+xk4dWRGtrbWOjgWy6:jFy/pWu4kRGtrbvMWy6
Behavioral task: behavioral1
Sample: Xylex-ExecutorV2.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral2
Sample: �M���.pyc
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: Xylex-ExecutorV2.exe
Size: 6.9MB
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: �M���.pyc
Size: 1KB
MD5: fad505cf76ca53913a78ef61bdc5b875
SHA1: 4c2aa4c2081d1a80b3ab0b14c7d1ebbed42633cc
SHA256: cb3cd2279a53edee7d6c811b80d1bc9c46a5f91165392096ecad1c4667955494
SHA512: eb134a029713dc8e0612dbdc67c8077cdd12f0a9a42a0f8244fcad0a2b551c774b501ebd3f1bf849944df7988c6d89a2d9eedd160d56d099cf2369f21ff6946a
Score: 1/10