General
-
Target
https://cdn.discordapp.com/attachments/1246876705122029608/1246957599484809378/FreeTrial-100_Unc.zip?ex=665e4743&is=665cf5c3&hm=dd1307b1401a203f2e71c67035c1ab2d6bb92d2718d9399e2061f609c927676d&
-
Sample
240602-2prlnahg9w
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1246876705122029608/1246957599484809378/FreeTrial-100_Unc.zip?ex=665e4743&is=665cf5c3&hm=dd1307b1401a203f2e71c67035c1ab2d6bb92d2718d9399e2061f609c927676d&
Resource
win10v2004-20240508-en
Malware Config
Extracted
https://github.com/xylexV5/xylexz/releases/download/vypix/xylex.exe
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1246876705122029608/1246957599484809378/FreeTrial-100_Unc.zip?ex=665e4743&is=665cf5c3&hm=dd1307b1401a203f2e71c67035c1ab2d6bb92d2718d9399e2061f609c927676d&
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-