f08885f7d4edd1401ab96d686fdeab2479c55350576ee2f9a868c2585df5b81d | Triage

Sharing

General

Target

XylonV3.exe
Size

9.1MB
Sample

240528-e55rwsfg92
MD5

f1324f5033f9afecd9e90c35a12a78d3
SHA1

aadd02412261a77ff6a0b3c09630b9b9be959f91
SHA256

f08885f7d4edd1401ab96d686fdeab2479c55350576ee2f9a868c2585df5b81d
SHA512

c5c0a30794a8a9adc258612d0a9fbd804dd1d7db64d15e28e5a0aa451cd9733110a3c5b0e8ca5e7450ac92bf1b2e26fef9a185084bd2fe363b50c360891caa04
SSDEEP

196608:eXlCPpGAjMGhuPD5U4idQmRJ8dA6lkaycBIGpEo+PQ3t2G:rP8AxYDwdQuslp9Nt

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  XylonV3.exe
- Size
  
  9.1MB
- MD5
  
  f1324f5033f9afecd9e90c35a12a78d3
- SHA1
  
  aadd02412261a77ff6a0b3c09630b9b9be959f91
- SHA256
  
  f08885f7d4edd1401ab96d686fdeab2479c55350576ee2f9a868c2585df5b81d
- SHA512
  
  c5c0a30794a8a9adc258612d0a9fbd804dd1d7db64d15e28e5a0aa451cd9733110a3c5b0e8ca5e7450ac92bf1b2e26fef9a185084bd2fe363b50c360891caa04
- SSDEEP
  
  196608:eXlCPpGAjMGhuPD5U4idQmRJ8dA6lkaycBIGpEo+PQ3t2G:rP8AxYDwdQuslp9Nt
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  XylonV3.pyc
- Size
  
  13KB
- MD5
  
  1283295f829b8a2415becb0938294795
- SHA1
  
  f696b30376115c8eec39927e58b747ad97a4f2ef
- SHA256
  
  406b695b0b818ec1a89e4c7e97e66123f224f5e3acb6ec5e8f310fb6ac82ffbc
- SHA512
  
  b1499f400fac61a769c80b5b48340347f5da4e41e85ca142dd9f90c02867e2b8e0292120e4249d6bbabfdbbd7cdd28d7defea2675714533675b3050c41a42b0a
- SSDEEP
  
  192:1AxN/AghwfsVIifWucwIXziMcqHePvWmg0GMdxn/Keb7ugZyVNF7I+f0dNaA/B:OxN+rifWH5jiMzHM+70GMfn/Kgu1pfOZ
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2