General

  • Target

    eeb062e6893526dbf871b73aaf2ab1ac24003001f82a4444a31a4055d7cc2368

  • Size

    2.2MB

  • Sample

    221127-rzsxcseb85

  • MD5

    6311a11a92a11882c9f782a30dc33e10

  • SHA1

    8176e48191ae1d33c9687dd0af702458135e78bd

  • SHA256

    eeb062e6893526dbf871b73aaf2ab1ac24003001f82a4444a31a4055d7cc2368

  • SHA512

    4d1c19c5368d9928e657576d1f95278f1105604fbc083e2f38d4b6ac879f9ddeb9eedb755b5102af907c0d7192faee4ddaaf9f000e2c1241efc22a299ab7765a

  • SSDEEP

    49152:a7u7GrBWQkmFXZNR0KGKkKtf5zUBoPwDiT0lmv:aC6rBWQkmtZNqK9ruBoPGc0lmv

Score
9/10
upx

Malware Config

Targets

    • Target

      Xy2tools_V1.020/Ini/SkinH_EL.dll

    • Size

      86KB

    • MD5

      147127382e001f495d1842ee7a9e7912

    • SHA1

      92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    • SHA256

      edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    • SHA512

      97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

    • SSDEEP

      1536:s5Np2dgZgIehUUS3E1Ujmrvl179D53UWnGQRJZiXRmrCnKptnouy8K:s5Np2dlUX0+Cx17F8QRJZKmOK3outK

    Score
    8/10
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Target

      Xy2tools_V1.020/JZ5Uɫվ.url

    • Size

      111B

    • MD5

      3e8d917d0d10210cd051d7c251bcb9d9

    • SHA1

      92bd693746a70ebf302b1f30afbebe1e3d6f4a37

    • SHA256

      026cee18a5e42425585a1a324fe0894be7cb2fcb1869310ad2a38b73f96e89ef

    • SHA512

      f676fdeb3cb04db79075adb3e5957dc1722d71a6f7edd03f7cb28b3cce60183e52e952f30c74184799350f0963da5ed8b9b69dfee85eaed49dc724c38985176b

    Score
    1/10
    • Target

      Xy2tools_V1.020/SkinH_EL.dll

    • Size

      86KB

    • MD5

      147127382e001f495d1842ee7a9e7912

    • SHA1

      92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    • SHA256

      edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    • SHA512

      97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

    • SSDEEP

      1536:s5Np2dgZgIehUUS3E1Ujmrvl179D53UWnGQRJZiXRmrCnKptnouy8K:s5Np2dlUX0+Cx17F8QRJZKmOK3outK

    Score
    8/10
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Target

      Xy2tools_V1.020/jsyc/jssx.htm

    • Size

      172KB

    • MD5

      4ff750423bb2e50067cfa33035ae7acb

    • SHA1

      19bc5d68ce3182b34be2985fb221274fd4ef04ca

    • SHA256

      9d17403fccfc5327a6d29d8d1702704fa6e19c7558b6c5fa5b91bc0c5cb21236

    • SHA512

      d793968dfe3f1a0a02b2fbc3f00d0cab0bb394de292758f038f9e86afcc2abbab7e1e8eff89cca3c0adf882b88db3651fcccd8a178705dd81d035481055a6a30

    • SSDEEP

      3072:dipDit1XmKHkMixZlua4Dn3ocX08Cx5Vu6IjHpnzPcEKpRNWCQb/jkxJtauYMtFo:Jt1GxJcMtFkIK

    Score
    1/10
    • Target

      Xy2tools_V1.020/jsyc/jssx_files/c(1).php

    • Size

      2KB

    • MD5

      2949ab4b9bbb9f8176181a6256fa1f83

    • SHA1

      dbef9f67788b3d6b91401563e8421af7cc6dd571

    • SHA256

      5b5779352fa1b041bb513e231917c6dd0b75a41474175f3cda9bf5c914934903

    • SHA512

      11bc150c663cbd7e356482aff2cf053db0a3bde03611cfa3df53634f99c23715d99d5d8fa916a292387c10e4dc6872f76244724e706ec767d15555f39a267d00

    Score
    1/10
    • Target

      Xy2tools_V1.020/jsyc/jssx_files/c.php

    • Size

      2KB

    • MD5

      27a525e02e4b2ce1ae9ae712c21dc2b5

    • SHA1

      ef0f45df05b0127d5478a86636be9f56b615dafa

    • SHA256

      b4783cb43e51de855e1b9b31bf52651c926f165137659e164d40716e6643ba76

    • SHA512

      4db508beabd4901edefa132e2f14c270ea72302776aa6c2385aabe16b6fdecf0cd10cc3c2cc88f43829e1f951d65f2b0b75cefa50523a111672472f8e88b977f

    Score
    1/10
    • Target

      Xy2tools_V1.020/jsyc/jssx_files/click.aspx

    • Size

      1KB

    • MD5

      9746fe0e01979e9f1ef7f2e234d15210

    • SHA1

      cca67e5f81a9dfc9fbc6c6baa0f03a1e832c3b9c

    • SHA256

      37eb08f55f4326ff56dde2240916ba20a8ac7c4c23ca87fe6baaddd2ac7883a9

    • SHA512

      958ca06d6200eefbe6e78c4dba69a3f6bac072706d7bf84f7d8b1e30111fb88800ad15882c0dc0ffb9eba8f4ea36cd189d9529de9dc8e7411258d9020edbdf7d

    Score
    1/10
    • Target

      Xy2tools_V1.020/jsyc/jssx_files/ga.js

    • Size

      26KB

    • MD5

      843a711c63e9cdd3700c41fa4aa1a3b8

    • SHA1

      392e77d65be8642ab39ed0e685ba8b24fe24553f

    • SHA256

      40bd4ef3b845b98250ee8e7d46ee7f55775357dba02e68cc5da335de8f732c55

    • SHA512

      5eaf100a4a21aae39d1e3681972120818fb40f4b4ac2041db0e128b7c63d8bfdb81e3490679927c766040f5818f62e139b359ebb6bac47d34c222ec00f4124e6

    • SSDEEP

      768:+WLdvd2ZS0Dt7j2mcPslmioXQH7G3uz4hZd:PS4u/lmFXQH7Rz4hZd

    Score
    1/10
    • Target

      Xy2tools_V1.020/jsyc/jssx_files/sa.htm

    • Size

      506B

    • MD5

      20c5f49ea37de68bd3d790f3e98c60d2

    • SHA1

      52751dd63cbd2d8a3c65e9c983ea751fb4c9bdfd

    • SHA256

      329f84b56ba416a84228d50412f7f2a5c0baa6cef7e572b20dbdf0829baa2c41

    • SHA512

      e9ce64caf4dd32b03f38d8279851f12065baa77d69b7099eb8c6016bd51d26912442665dcc6912b25767a984592f1b7e9f8b156901ad2affb137a0bca941d469

    Score
    1/10
    • Target

      Xy2tools_V1.020/jsyc/jssx_files/stat(1).htm

    • Size

      43B

    • MD5

      325472601571f31e1bf00674c368d335

    • SHA1

      2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

    • SHA256

      b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

    • SHA512

      717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

    Score
    1/10
    • Target

      Xy2tools_V1.020/jsyc/jssx_files/stat.htm

    • Size

      43B

    • MD5

      325472601571f31e1bf00674c368d335

    • SHA1

      2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

    • SHA256

      b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

    • SHA512

      717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

    Score
    1/10
    • Target

      Xy2tools_V1.020/jsyc/jssx_files/xy2(1).js

    • Size

      139B

    • MD5

      278eac3268983484dce0fcf1b6ede436

    • SHA1

      21ebaedc0b3a1740eeefe58373cdbe03c97624a3

    • SHA256

      007572b6ffa0da4b8b9205b1317437d6c9d6e9693db7655fe391ba1b1a9beb0b

    • SHA512

      aeaa4fa84e7b03c6bd7e7c165de081ebae67f3c251d532cd73ea17c1fba47b0e8e32afc424fd4375047835ab112f54e5b60115455e07334a67937fc0a75d20c5

    Score
    1/10
    • Target

      Xy2tools_V1.020/jsyc/jssx_files/xy2.js

    • Size

      170B

    • MD5

      cd0db532d8d2b345ac6b9ae6a470fe73

    • SHA1

      c81db52f99f0bcb1d55b03ecd29604260236c74c

    • SHA256

      494fed85f11dd4e678d90b8d74749c98970e35d76b679516da6af93b740423c1

    • SHA512

      4143ffb3b3ce390a902c46ef30b41cb57fa119a3bc77404a454a073e2fc27a972a9078d94abf16088ffcd5a83b20607054100f596092e881c11f17fad15e7ac5

    Score
    1/10
    • Target

      Xy2tools_V1.020/jsyc/jssx_files/yzz_global.js

    • Size

      676B

    • MD5

      d2df83559bbb71c455026665062a3733

    • SHA1

      930f3033a3f8f11a5b7f3c09b2c9aa8c2705d4ec

    • SHA256

      61ea31da7473c867535c0788b42bfe7113d3b0beca6e37630ae8b60ec4fa1f90

    • SHA512

      b176b4203635bee14f6c565ed087a26cf7defe885b577c3d6ceb50aba714a2da409949192b832a12836940973109b21f3e4564fbbbd0c1bda9a51d354d07e7f5

    Score
    1/10
    • Target

      Xy2tools_V1.020/update.exe

    • Size

      712KB

    • MD5

      78d2cc6623b49f34b8e91f49877773f4

    • SHA1

      4773019ce2819b9f5e52c2ba0bb02968439c9bc5

    • SHA256

      f0403a6c0dd4dd7b5b1d39c22be5a1e4385d87f0c79fc747ab9c9522cb4da3c9

    • SHA512

      d8ca68f83f2f3312ff694f2d474dcc479f13278f8434c78ae27eebcd0cc393d00603a750c1aea6e108689a0e0c2e75ada106183503392860dc907d18483f7f21

    • SSDEEP

      12288:d94jw9qBAQrVnifXPw7zc6Tm+Vd4aTpN/Mb+z+Gms8hTvAIWMAso99/ddGX6RCNF:qi8ivPuJxpNryGmjT4IWTjZ6hNF

    Score
    1/10
    • Target

      Xy2tools_V1.020/xy2tools.exe

    • Size

      3.0MB

    • MD5

      a5526a74c1326dea6ed3ff54e7e7ab4d

    • SHA1

      8562ad2d3010f1b96bf599f9dcb8264cc0671dee

    • SHA256

      e8c58c6384e6c454176ac4e6aa342fdcbf76c442808ce2677a9f857c93fe015f

    • SHA512

      1ece2494ea3ea79efa70d703438fd1554468e0de6981bb482de35aacebcbdfcff6a49a254de60d683e7161c25b3948e42bba1cebeae75f229e0f47d8d028483b

    • SSDEEP

      49152:rqMytdgjxVRHAl2VthQ/m0TZaqdwk0c05HGiXUKj2Y6:eAVthQ/m0YqdwkLcHHEKj2

    Score
    8/10
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
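
The only signature that fires in this report is the static "upx" rule, on SkinH_EL.dll and xy2tools.exe. The example below is added here and is not code from the sandbox or from the Xy2tools package: it shows the static checks such a rule rests on (the stock UPX0/UPX1 section names, the UPX layout where the first section has a large virtual size but zero bytes in the file, and high entropy of the first section that does carry data) and computes the MD5/SHA1/SHA256 digests the report lists per target. Because the rule description also covers "modified UPX", the renamed-sections case is included. All PE images are constructed in memory; section names, sizes and payloads are made up for the demonstration. Two caveats a practitioner would want: UPX packing on its own is a weak indicator, as many legitimate installers ship packed, and this archive carries byte-identical duplicates (SkinH_EL.dll under Ini/ and at the root, stat.htm and stat(1).htm), so triage should dedupe on SHA256 before spending analysis time.

```python
"""Static UPX indicators over a PE section table, plus report-style digests.

Added example; not code from the sandbox report or the Xy2tools project.
Builds minimal PE32 images in memory, so every name and payload is constructed.
"""
import hashlib
import math
import struct

# Stock section names written by UPX; a modified build may rename them, so the
# layout and entropy checks below act as a fallback.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1", b".UPX2"}


def parse_sections(data: bytes) -> list:
    """Walk MZ -> PE -> COFF -> section table; one dict per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize,
                         "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return sections


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> dict:
    """Stock UPX names, UPX0-style empty first section, entropy of packed body."""
    secs = parse_sections(data)
    names = sorted(s["name"].decode("latin-1") for s in secs if s["name"] in UPX_SECTION_NAMES)
    # UPX reserves its first section for the unpacked image: virtual size only.
    empty_first = bool(secs) and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0
    packed_entropy = 0.0
    for s in secs:
        if s["rawsize"]:
            packed_entropy = entropy(data[s["rawptr"]:s["rawptr"] + s["rawsize"]])
            break
    return {
        "upx_section_names": names,
        "empty_first_section": empty_first,
        "packed_section_entropy": round(packed_entropy, 2),
        "likely_upx": bool(names) or (empty_first and packed_entropy > 7.0),
    }


def digests(data: bytes) -> dict:
    """The three digests the report lists per target; dedupe on sha256."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def build_sample_pe(sections) -> bytes:
    """Constructed PE32 image. sections: list of (name, raw_bytes); empty
    raw_bytes yields a UPX0-style section (virtual size only, no file data)."""
    size_opt = 0xE0
    header_len = 0x40 + 4 + 20 + size_opt + 40 * len(sections)
    raw_ptr = (header_len + 0x1FF) & ~0x1FF          # 512-byte file alignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    table, body, vaddr = b"", b"", 0x1000
    for name, raw in sections:
        rawsize = len(raw)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), max(rawsize, 0x10000),
                             vaddr, rawsize, raw_ptr + len(body) if rawsize else 0,
                             0, 0, 0, 0, 0xE0000040)
        body += raw
        vaddr += 0x20000
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(raw_ptr, b"\0") + body


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for a compressed body."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


# Constructed samples: stock UPX layout, the same layout with renamed sections
# (a "modified UPX"), and an unpacked image with low-entropy code.
PACKED = build_sample_pe([(b"UPX0", b""), (b"UPX1", pseudo_random(4096))])
RENAMED = build_sample_pe([(b".text", b""), (b".data", pseudo_random(4096))])
CLEAN = build_sample_pe([(b".text", b"\x90" * 2048 + b"ABCD" * 512), (b".rdata", b"hello\0")])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, digests(img)["sha256"][:16], upx_indicators(img))
```

The renamed case is why the signature text says "modified UPX": once the section names are changed, only the layout (an empty first section) and the entropy of the compressed body remain as static evidence, and both can be defeated, so treat a miss as "not proven" rather than "not packed". To reproduce the report's hash table, run `digests()` over the real files and group targets by the sha256 value.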

MITRE ATT&CK Enterprise v6

Tasks

static1

upx
Score
9/10

behavioral1

upx
Score
8/10

behavioral2

upx
Score
8/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

upx
Score
8/10

behavioral6

upx
Score
8/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

upx
Score
8/10

behavioral32

upx
Score
8/10