General
-
Target
XyIex-Executor.bat
-
Size
244B
-
Sample
240603-k14a6aba32
-
MD5
ac122c56306baae12bc1dbc69455249a
-
SHA1
8f7be0cb0c88260843111257c349f5e2a0fa5b1a
-
SHA256
702d2a9930bf8d16752c3dbe1d5b5382c592c13e85e54fe0cd59df2ad4f764db
-
SHA512
a66df3c5a8c21561dad7ffba4eecc132fce6388797dabdd63eaa6d077d8ebf0298a0220331b0a8f28208a80f1b4cf3ec1ce74a76cf61b428bf03f2d2e637951b
Static task
static1
Behavioral task
behavioral1
Sample
XyIex-Executor.bat
Resource
win10v2004-20240508-en
Malware Config
Extracted
https://github.com/xylexV5/xylexz/releases/download/vypix/xylex.exe
Targets
-
-
Target
XyIex-Executor.bat
-
Size
244B
-
MD5
ac122c56306baae12bc1dbc69455249a
-
SHA1
8f7be0cb0c88260843111257c349f5e2a0fa5b1a
-
SHA256
702d2a9930bf8d16752c3dbe1d5b5382c592c13e85e54fe0cd59df2ad4f764db
-
SHA512
a66df3c5a8c21561dad7ffba4eecc132fce6388797dabdd63eaa6d077d8ebf0298a0220331b0a8f28208a80f1b4cf3ec1ce74a76cf61b428bf03f2d2e637951b
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1