General
-
Target
xylex.exe
-
Size
37.6MB
-
Sample
240602-xbj77sba2t
-
MD5
d640ad12d884e0cabdd50b7988fb0c90
-
SHA1
014a14d49a717d96d53d4951d98a8027d7e915d9
-
SHA256
b7c98c5a0bd23516393de77e0636400c29e77373affa47ce3cc2ed391aca80cf
-
SHA512
ccc086be76cc8ef6bc6c3721654db5e62306db7ac35749ba352ee0d053cc69ac466fe87e2b608f7cef05d0bb603c64ae861b474640538912e7b85799062f9798
-
SSDEEP
393216:RQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgB96l+ZArYsFRlVL0:R3on1HvSzxAMNBFZArYsNmPv0J7OZ/v
Malware Config
Targets
-
-
Target
xylex.exe
-
Size
37.6MB
-
MD5
d640ad12d884e0cabdd50b7988fb0c90
-
SHA1
014a14d49a717d96d53d4951d98a8027d7e915d9
-
SHA256
b7c98c5a0bd23516393de77e0636400c29e77373affa47ce3cc2ed391aca80cf
-
SHA512
ccc086be76cc8ef6bc6c3721654db5e62306db7ac35749ba352ee0d053cc69ac466fe87e2b608f7cef05d0bb603c64ae861b474640538912e7b85799062f9798
-
SSDEEP
393216:RQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgB96l+ZArYsFRlVL0:R3on1HvSzxAMNBFZArYsNmPv0J7OZ/v
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-