Overview

overview

10

Static

static

1

Executor/Xylex.bat

windows7-x64

10

Executor/Xylex.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    388491290146c6a7783f141be8d24ce4cb9d3422342857c714968e74dad409cf

  • Size

    311B

  • Sample

    240610-cnxc3sbb77

  • MD5

    a62cea5184515f9de87d53b199d7d941

  • SHA1

    a285d5f995dd779f182514820caafe1d911fe901

  • SHA256

    388491290146c6a7783f141be8d24ce4cb9d3422342857c714968e74dad409cf

  • SHA512

    6739d60ad80d8cfdf26ca924d227e363c7b95062cac949c39b98318fccc455d7e786357f1174e0baa255e9d1438f3900c2b017b9a063aeb271c509f733481d3a

Score
10/10
exelastealerevasionpyinstallerspywarestealerupx

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://github.com/xy-leex/xylex/releases/download/vypix/xylex.exe

Targets

    • Target

      Executor/Xylex.bat

    • Size

      254B

    • MD5

      8a650e0e8c42e298585c8e3bce000530

    • SHA1

      d217caf5298b37d250eed6b31992b7a3975832de

    • SHA256

      bee3639262892fde56c1d48d28aa2dd3c137cfd55125005a3b3ea0a36b1d8aa1

    • SHA512

      b21a6d1d2101a19ca7f5b00100f73607f2ff3c280dd4942e4a6004bb4f6b905f662622e6cdc6af6db0d1d3b96a6c00f7cf2653b13220b48e5ba1dcab5c48185e

    Score
    10/10
    exelastealerevasionpyinstallerspywarestealerupx

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks