General
-
Target
xylex.exe
-
Size
37.6MB
-
Sample
240603-lsnq6sbg54
-
MD5
8eacf3f9be7e3735352c4020fc4e05e9
-
SHA1
0bb6c048d9e683e152de21f7d368a4c151095504
-
SHA256
4c5b20b4ca8009ab72a76ed7fa6e09bd1b0b78969980f2b49d9a6641439c8d7e
-
SHA512
2f5c54c4561f14fbf9a58075dffe268247f3af3408084c12a8a7ed0fbb33f01448e85a06ba684b037e0489fbcbb7481a825cf23785c7b7c1d60c28467825e3f0
-
SSDEEP
786432:R3on1HvSzxAMNjFZArYs4nPv0so7OZJJe:RYn1HvSpNjXm4P5u2e
Static task
static1
Behavioral task
behavioral1
Sample
xylex.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
xylex.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
Target
xylex.exe
-
Score
8/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
An obfuscated cmd.exe command line is typically used to evade detection.
-