General
-
Target
XylexV2.1.zip.bin
-
Size
311B
-
Sample
240609-yds4kaeg99
-
MD5
a62cea5184515f9de87d53b199d7d941
-
SHA1
a285d5f995dd779f182514820caafe1d911fe901
-
SHA256
388491290146c6a7783f141be8d24ce4cb9d3422342857c714968e74dad409cf
-
SHA512
6739d60ad80d8cfdf26ca924d227e363c7b95062cac949c39b98318fccc455d7e786357f1174e0baa255e9d1438f3900c2b017b9a063aeb271c509f733481d3a
Malware Config
Extracted
https://github.com/xy-leex/xylex/releases/download/vypix/xylex.exe
Targets
-
-
Target
Executor/Xylex.bat
-
Size
254B
-
MD5
8a650e0e8c42e298585c8e3bce000530
-
SHA1
d217caf5298b37d250eed6b31992b7a3975832de
-
SHA256
bee3639262892fde56c1d48d28aa2dd3c137cfd55125005a3b3ea0a36b1d8aa1
-
SHA512
b21a6d1d2101a19ca7f5b00100f73607f2ff3c280dd4942e4a6004bb4f6b905f662622e6cdc6af6db0d1d3b96a6c00f7cf2653b13220b48e5ba1dcab5c48185e
Score10/10-
Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-