General
-
Target
XyloTool.rar
-
Size
5.8MB
-
Sample
240626-fwckeszcnm
-
MD5
23431e2bb1fdb82b98285ce1daa81223
-
SHA1
fa5e1f6f33b8ef6244a5812f64c0aab1a78077d8
-
SHA256
79fe80b6762a5ee29c76185cd062fcf832deb1620f04ddc4de50d3358ca9373f
-
SHA512
84afc3b4867e601ea1703e7670aa4ac8e1c57335acfe1ed4733f745bc2a2d1efef40406a312a5bd6383908de2e436fcffe5e898c62b71a12a3b41149c028f149
-
SSDEEP
98304:4Xuoid5KMbpyo/BoPsTAlZ7pZcRnGSatjD9s4E79L9Wta5XtAuFh5vJBt0Pf:OuoidRBoP5Z74RAC4SL9WMfncH
Behavioral task
behavioral1
Sample
XyloTool.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
XyloTool.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
XyloTool.exe
-
Size
5.9MB
-
MD5
1bae503880fbeb67ea0df79e4123eb3f
-
SHA1
66f88a8d04503aa36f97153271e756b184915cfd
-
SHA256
6ba55b8fc0d8a37a2d5942c54d86c267d38fc4bd4bc1339dde80190ddf800980
-
SHA512
bea868f8215a69ff0f72a67b04cb0eeb3030b1c830c700ca29b61f1e38ccddb5401ae3285b9101d3998480a31a8e7a5fe053ad2b464de6ffdfea36cda403e663
-
SSDEEP
98304:zN+nhj832i65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeF29hGkr/LcQ:zAn4EDOYjJlpZstQoS9Hf12VKXpbGC0E
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-