Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

xylex.exe

windows11-21h2-x64

10

Exela.pyc

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    xylex.exe

  • Size

    35.0MB

  • Sample

    240609-nt4vwsag98

  • MD5

    616d4334d895c49429043488d03e8b0d

  • SHA1

    f829acda5233b633b6653e6e47dd90e659e7d8de

  • SHA256

    50322eaf6d9abd936522ec46f273c1b46ecc8eaab6070124ff36d44546cb1941

  • SHA512

    caf21c739ba403f6e93debcaaf71c073b7fcda7279785748db7eba0ffe6f0c9af216cd18529a275f265e85686e31d9047bb25458106df5b54dc66dc497c814c9

  • SSDEEP

    786432:VQfVhErkaIdgRxyvikaIdgRxy7+9/pWfiu5ZGzj7tKm+B1z7etzz:VQfbjtgWptgWyHo5szj7Ym+rz7e9z

Score
10/10
exelastealerevasionpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      xylex.exe

    • Size

      35.0MB

    • MD5

      616d4334d895c49429043488d03e8b0d

    • SHA1

      f829acda5233b633b6653e6e47dd90e659e7d8de

    • SHA256

      50322eaf6d9abd936522ec46f273c1b46ecc8eaab6070124ff36d44546cb1941

    • SHA512

      caf21c739ba403f6e93debcaaf71c073b7fcda7279785748db7eba0ffe6f0c9af216cd18529a275f265e85686e31d9047bb25458106df5b54dc66dc497c814c9

    • SSDEEP

      786432:VQfVhErkaIdgRxyvikaIdgRxy7+9/pWfiu5ZGzj7tKm+B1z7etzz:VQfbjtgWptgWyHo5szj7Ym+rz7e9z

    Score
    10/10
    exelastealerevasionspywarestealerupx

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

    • Target

      Exela.pyc

    • Size

      148KB

    • MD5

      33ce72d77a78ba8b556ece2f009d4429

    • SHA1

      0f912e0d1f749e645385d4bb10ecf2f4ac00012b

    • SHA256

      ccf492f0a7d5cd8240f1efa380d26100c604d2387edeb01e3421d70dcdbeb164

    • SHA512

      b76abd20e391d5a552de1ec16dda9ff1e2cddb79a0c0343018c6d7be0a48e7497a80cfb6efde3c20e2a1ada76a23bd575103f5650ddb22f0e450ff2ef3a41f78

    • SSDEEP

      3072:YGYqtpi7i3srsvepumYhYYYYY9YYw1z/NMOmznnnnnZnnennnnnnn/nennnnnnnU:YGYqtpi7i3sdZYhYYYYY9YYw5Nnms

    Score
    3/10
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks