09678a8d7caca2b0bfb457625adbd9ea58b9e280938fe5a238d2c8c3c56f267e

Sharing

Copy URL

Twitter E-mail

General

Target

Xvirus-Tools-1.7.0.zip
Size

40KB
Sample

231115-rdlwxsbc35
MD5

664201c08ba8da1a1f920d266d17319a
SHA1

e0860aa81055d9796380dff911927c35703cf71a
SHA256

09678a8d7caca2b0bfb457625adbd9ea58b9e280938fe5a238d2c8c3c56f267e
SHA512

675b276f788fa2c915f615a1ec3bac2aab5770e9182061151a465084108f52bddf8c8a76b7afeed88490427f58145ff9bbec96ed660d915bcf1ca6cf530a5adf
SSDEEP

768:RQ2hJ/bQCER7pNX8nL9XhVC/ckms+gTejNCaG7OhInm/ZLo6:RQ8jER7jMnxXhw/0sh64/OhInm/ZLo6

Score

6^/10

Malware Config

Targets

- Target
  
  Xvirus-Tools-1.7.0/Xvirus.py
- Size
  
  8KB
- MD5
  
  9105f859cdba36dbcfd51c0e70a0d482
- SHA1
  
  a82b2e78dcd587a002f67dc6bce5b589bd650f95
- SHA256
  
  e27ae207ed527a75b4d11915252c4866dda8c8183976fd06a1b859eafeb9ac18
- SHA512
  
  ac23efef2962fb85f5f5c94e0649c6f7b3050990866b48d6714a3aad9fdfca9a2c3c477eb194395138233c64f37aa845d029bb40c379f9576587f23b1b7823b5
- SSDEEP
  
  192:eGWZRZd7vnTNxTM/DTdkff9XxrcNqTf2BXsYEDn:j0zlvnTNxTL9XxrcNqTA7ED
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Xvirus-Tools-1.7.0/setup.bat
- Size
  
  62B
- MD5
  
  bac1df08b5a2b813d82ace3a51adc67f
- SHA1
  
  bd1279e6379de4ea6ac108718010235f3b342405
- SHA256
  
  59f5244b33fe77d4dfe76e5159d44a07e037040f8790276ec84139ed3128a21b
- SHA512
  
  175b17c6e7d91aea20e6d8d3b63abfd467c0cf7fc6b8c574e39dbffeb52db8c40020816291f7a83e0411a165d0535c033ff1df299dd2c2a7e48ba8b34dcd4afa
Score

1^/10
behavioral3 behavioral4
- Target
  
  Xvirus-Tools-1.7.0/util/__init__.py
- Size
  
  702B
- MD5
  
  d315dafea7a144be416a544d993f1f21
- SHA1
  
  b3ce60f1e5818d7f06ad31ed5ab615633808d2ec
- SHA256
  
  7e6f34bc5a3d996efbf6e105ebc3d437af888a389c6b6034128b566ebaeb12a3
- SHA512
  
  e701514bf9c5430b654cccd39049acda7e6fa6bd1a95ece193741ecc35ba2d9747eaad097e2501430aa2037fec23c2f740d08d71763c138f6384d7432f94a208
Score

3^/10
behavioral5 behavioral6
- Target
  
  Xvirus-Tools-1.7.0/util/options/bypass_rules.py
- Size
  
  735B
- MD5
  
  5ada25ff34ef9585580f697df59f0d68
- SHA1
  
  484a2b772123624f7a76429d8615c9e5f48a16d7
- SHA256
  
  df544cfe417a70507dfc7f828489be62fe9154c9c2100bd1614a999592acae4e
- SHA512
  
  6c88390ad1af94293b9dbda9eaaa7d647479a2383483354b5b632bf94c825779312746b2d4e967d75a2450e5091db12cd4c9e58d7100c8e0ca2bd5d5d1eb0bed
Score

3^/10
behavioral7 behavioral8
- Target
  
  Xvirus-Tools-1.7.0/util/options/channel_spammer.py
- Size
  
  4KB
- MD5
  
  51f66c678a1ab1733f9c29cd90494aae
- SHA1
  
  43caac15bcd8049b8dbb156dc839411ecb2e9a02
- SHA256
  
  bf06fef7761acc6130ec27dde22ba82371b7e5fc7c87c61471b47f80c07bf581
- SHA512
  
  78cabc433ec804030e7e4a25137cba531800b447bcfb15f13aa60809e327b521d99c6299783c4e91407c99d8e622d8d00ee77b6b33053b75a118a78044348401
- SSDEEP
  
  96:4FEJE6Bilg4fgjAQr+5QacHdbTgvboacii:8EJE6Bilg4fgjAQr+5Vc9bUvboacii
Score

3^/10
behavioral10 behavioral9
- Target
  
  Xvirus-Tools-1.7.0/util/options/hypesquad_changer.py
- Size
  
  786B
- MD5
  
  e3a612d8c2bae8225f8bbc1e96685fdf
- SHA1
  
  de0886614fed197a58e212523366b127b96753b1
- SHA256
  
  4e3defaf5f6a7b029c1de298f727a560b3ed3b3f738cfda480f64f4ceaf5ef5b
- SHA512
  
  c964c64c9b47bbf2a3f3aab056ad4c7ae93ae4586e2fb9583ee40056bc967560fb2b2a82b24568d0c9ceac2b5d847cd026dbfefeb41df4770b7e532e38aac4d7
Score

3^/10
behavioral11 behavioral12
- Target
  
  Xvirus-Tools-1.7.0/util/options/mass_report.py
- Size
  
  1KB
- MD5
  
  2c0437d2ba1920aaff26f81005b5a771
- SHA1
  
  b30ac6c85501e5b54b3122e5845cba253bce82cb
- SHA256
  
  c64a9df29d2231902aaa4ab913ba4425eb15757c73c46ff2c53bf6a8395e2839
- SHA512
  
  1c169ce97677a51fb36c10489bdb6e8c669ff2a4ebd09350dd13d857c157f6d2e3f0c6c0ce6eb174923d586b03da5a9ebc3ae9442eff8843d443f1da736e4f24
Score

3^/10
behavioral13 behavioral14
- Target
  
  Xvirus-Tools-1.7.0/util/options/soundboard_spammer.py
- Size
  
  1KB
- MD5
  
  f0a64c5e2416c15a52095795f8fb4273
- SHA1
  
  7ab35761e6f739db62e9c8b8d44903c9e0ef945f
- SHA256
  
  b57628d15040c3f673fd858c7c8921e0c60cf63439ee27a864d1bb631834a8c9
- SHA512
  
  792a62e9828f874142e2ca8a7f043600450338f6dc00ca42b67c3acbb624c0ce22df12681c62a8ebb2b8f3608763394b444d997ca324df251d8cca6a3cbda1d2
Score

3^/10
behavioral15 behavioral16
- Target
  
  Xvirus-Tools-1.7.0/util/options/token_bio_changer.py
- Size
  
  590B
- MD5
  
  29f8953e888c447cb3b5d88477e1d22a
- SHA1
  
  7ed8c0f3753296c0cc5342c8b69508a7bea225e5
- SHA256
  
  397b438869fa1b77aee9b85006f6de6dac0e2dc814af9a2d0e347cc665a61f65
- SHA512
  
  17f189ba23b2bf94a099c00b6ad4408126d4eae4281daf676f20c17cdf0ec04c36676c835a43665c7b105d6f2415886744688c12a7528958c5ac06e7534262fb
Score

3^/10
behavioral17 behavioral18
- Target
  
  Xvirus-Tools-1.7.0/util/options/token_checker.py
- Size
  
  2KB
- MD5
  
  3d4ef3c2509f11780732570a8978ef0b
- SHA1
  
  563627b3b63062de877b9ce3594019306d565ba6
- SHA256
  
  2987cf6e5460024a53617ccc69fa3265519c6a548848a388efaa177907f6ed0e
- SHA512
  
  c4bc2c03ae8bcf706cfdc92eb6a113a24f07a940906f8bf5e5ebcca542094fa57fc9dd5b531f17691543ba10fff82a8cac19e72873cb211fa644c3cbd7b8596d
Score

3^/10
behavioral19 behavioral20
- Target
  
  Xvirus-Tools-1.7.0/util/options/token_global_nicker.py
- Size
  
  606B
- MD5
  
  bb2cf4a683efb935f13b35cd443560aa
- SHA1
  
  391a4b8d9d9a27c0ebfe4c3730774375f4cbbf79
- SHA256
  
  22b26d1274a1749ade26ccb119a4fd7830533bd3dd0ab10328e882d9fb37d8b1
- SHA512
  
  1b06f6d7625276498466b25b6f3e6375b56e4679635c196d46a245d3cd28f5cf4aae57c5eba54091e0bab1503316049eab655c71c72875d062ca90595f561d09
Score

3^/10
behavioral21 behavioral22
- Target
  
  Xvirus-Tools-1.7.0/util/options/token_joiner.py
- Size
  
  852B
- MD5
  
  07ecb52347ad90c98b221527cc2bebed
- SHA1
  
  cea3b88ecb0887ebc04c8196c658cc88d6fb7151
- SHA256
  
  43333a83a75613a994babb01bc56fdcda59c3f79ae0a7fdfe5772e0cf669b9b8
- SHA512
  
  46f6b7bd7e09f16d2fe27b3d34149836944a8fc330b33e19381590585ef1b5badcc871e6124714a72fe9ee3c68dd5edcc4a86ac98ece6ddd9fbf7e36eb7369c2
Score

3^/10
behavioral23 behavioral24
- Target
  
  Xvirus-Tools-1.7.0/util/options/token_leaver.py
- Size
  
  646B
- MD5
  
  6a02f7f772967b2c09830486ccb4f271
- SHA1
  
  cf008cde342db79b6cb930892c28d1884eed38f7
- SHA256
  
  8fa94244eafc5ff342c881a9479dec1b9dffe930617668a72a1e5b2776fb2cea
- SHA512
  
  12f0688ab11c6b4b8051c7a258cd41b3182002e886185f1d9faaedf9a6280b70ed142cc14899606d6ac8e5cab4ebf2aa898aab903bfd0c1243f734479fb32839
Score

3^/10
behavioral25 behavioral26
- Target
  
  Xvirus-Tools-1.7.0/util/options/token_pron_changer.py
- Size
  
  1KB
- MD5
  
  cc0e002a2afed0f7f57d8deb2384a42a
- SHA1
  
  7e10a4a349821b69aabdf5061167851e796c80bd
- SHA256
  
  7f12286c68caf3ae5d4bc24ead05ebaa552896261c8b9f48dbb6393d3c69e5ce
- SHA512
  
  e907772c3ded64ed9c541a3281900163bc31e1a452ffc486a5fc22178f0096c1cc27285a729e5260c32cc2ebe14b28719c78e4f81d83c20bc9dc77c4c19e9f3d
Score

3^/10
behavioral27 behavioral28
- Target
  
  Xvirus-Tools-1.7.0/util/options/token_saver.py
- Size
  
  3KB
- MD5
  
  fb2b280091a1a3c988efadb96af49c40
- SHA1
  
  64d6a610e28f856d6577146960c189424129d501
- SHA256
  
  92cc387679e9d6ec8e81a8ebe7dae81b8b7e43814f5aa7cde9aa602477b1ed20
- SHA512
  
  4497999a77f1be6f52b681378872c36219f2e3e6db7c66864438db7425c123325ccf27168e839b54a93cc56830dd8bb35395c486d45bd1702b6879983229126c
Score

3^/10
behavioral29 behavioral30
- Target
  
  Xvirus-Tools-1.7.0/util/options/token_server_nicker.py
- Size
  
  678B
- MD5
  
  3a5b958fec5481afedb5880366b786c0
- SHA1
  
  c658217b0bcb165780b5fdefec78ab7dd05feb76
- SHA256
  
  2aea24b7190067422a60bbe326e8271e272ce3c8b68d7c69961cf4d9d405cb7e
- SHA512
  
  b729820ceacae291e7d307d4d335fa719c6f5267d55c5706c11c5f9c05c3090027f7c417620af14b3ff3420c2f6bcc3b4a6ed51322c0ef39611c6254140ed203
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32