General
Target: xylex.exe
Size: 35.0MB
Sample: 240609-nt4vwsag98
MD5: 616d4334d895c49429043488d03e8b0d
SHA1: f829acda5233b633b6653e6e47dd90e659e7d8de
SHA256: 50322eaf6d9abd936522ec46f273c1b46ecc8eaab6070124ff36d44546cb1941
SHA512: caf21c739ba403f6e93debcaaf71c073b7fcda7279785748db7eba0ffe6f0c9af216cd18529a275f265e85686e31d9047bb25458106df5b54dc66dc497c814c9
SSDEEP: 786432:VQfVhErkaIdgRxyvikaIdgRxy7+9/pWfiu5ZGzj7tKm+B1z7etzz:VQfbjtgWptgWyHo5szj7Ym+rz7e9z
Behavioral task: behavioral1
Sample: xylex.exe
Resource: win11-20240426-en
Behavioral task: behavioral2
Sample: Exela.pyc
Resource: win11-20240426-en
Malware Config
Targets
Target: xylex.exe
Score: 10/10

Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

Grants admin privileges
Uses net.exe to modify the user's privileges.

Modifies Windows Firewall

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Target: Exela.pyc
Size: 148KB
MD5: 33ce72d77a78ba8b556ece2f009d4429
SHA1: 0f912e0d1f749e645385d4bb10ecf2f4ac00012b
SHA256: ccf492f0a7d5cd8240f1efa380d26100c604d2387edeb01e3421d70dcdbeb164
SHA512: b76abd20e391d5a552de1ec16dda9ff1e2cddb79a0c0343018c6d7be0a48e7497a80cfb6efde3c20e2a1ada76a23bd575103f5650ddb22f0e450ff2ef3a41f78
SSDEEP: 3072:YGYqtpi7i3srsvepumYhYYYYY9YYw1z/NMOmznnnnnZnnennnnnnn/nennnnnnnU:YGYqtpi7i3sdZYhYYYYY9YYw5Nnms
Score: 3/10