Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
XyIex-Executor.bat
-
Size
244B
-
Sample
240602-wedn6aag95
-
MD5
ac122c56306baae12bc1dbc69455249a
-
SHA1
8f7be0cb0c88260843111257c349f5e2a0fa5b1a
-
SHA256
702d2a9930bf8d16752c3dbe1d5b5382c592c13e85e54fe0cd59df2ad4f764db
-
SHA512
a66df3c5a8c21561dad7ffba4eecc132fce6388797dabdd63eaa6d077d8ebf0298a0220331b0a8f28208a80f1b4cf3ec1ce74a76cf61b428bf03f2d2e637951b
Static task
static1
Behavioral task
behavioral1
Sample
XyIex-Executor.bat
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
XyIex-Executor.bat
Resource
win10v2004-20240426-en
Malware Config
Extracted
https://github.com/xylexV5/xylexz/releases/download/vypix/xylex.exe
Targets
-
-
Target
XyIex-Executor.bat
-
Size
244B
-
MD5
ac122c56306baae12bc1dbc69455249a
-
SHA1
8f7be0cb0c88260843111257c349f5e2a0fa5b1a
-
SHA256
702d2a9930bf8d16752c3dbe1d5b5382c592c13e85e54fe0cd59df2ad4f764db
-
SHA512
a66df3c5a8c21561dad7ffba4eecc132fce6388797dabdd63eaa6d077d8ebf0298a0220331b0a8f28208a80f1b4cf3ec1ce74a76cf61b428bf03f2d2e637951b
Score10/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-