8e7cf04f6a32429304b49abe68604c1174b58d6bd35ed58ffc5d973932d12487

Sharing

Copy URL

Twitter E-mail

General

Target

Xtool 3.rar
Size

628KB
Sample

240410-3kj7fshd9t
MD5

ecac524d944e9580b56de53552a64184
SHA1

e8cc94559d030b1f1feeb20f2482892b24d31671
SHA256

8e7cf04f6a32429304b49abe68604c1174b58d6bd35ed58ffc5d973932d12487
SHA512

3a2ddc8ba9264aea1217c9c37efafd1ecce1a41f4e2e23f5f1ccfb51cd0e4379fac1a2b813ac73462d533e7c6278b9a733ebb37e9afd33eec07c4f93a2f05411
SSDEEP

12288:3sCy71fZ9gm/Q6yPFduRDMM0+xJFGYq++sa51sDX3JcW:3sP5fLgmuduhJxJwMa51sDXmW

Score

7^/10

Malware Config

Targets

- Target
  
  Xtool 3.rar
- Size
  
  628KB
- MD5
  
  ecac524d944e9580b56de53552a64184
- SHA1
  
  e8cc94559d030b1f1feeb20f2482892b24d31671
- SHA256
  
  8e7cf04f6a32429304b49abe68604c1174b58d6bd35ed58ffc5d973932d12487
- SHA512
  
  3a2ddc8ba9264aea1217c9c37efafd1ecce1a41f4e2e23f5f1ccfb51cd0e4379fac1a2b813ac73462d533e7c6278b9a733ebb37e9afd33eec07c4f93a2f05411
- SSDEEP
  
  12288:3sCy71fZ9gm/Q6yPFduRDMM0+xJFGYq++sa51sDX3JcW:3sP5fLgmuduhJxJwMa51sDXmW
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Xtool 3/DeathByCaptcha.dll
- Size
  
  25KB
- MD5
  
  7881d1d6d46d2a93fe0237c902c7ee4b
- SHA1
  
  4ff8f1463d668dbadf5e26f371e58f442d1bc7c9
- SHA256
  
  83434d7d5f77802a35802a53f4442604c20e681d4b2905086585c4d579a7c562
- SHA512
  
  d8a3b6a1fe097d8b3d8ebd669e84038fb9c454e53dcb6a6318cd1a04191b755ceb21b5acb2c490d1537ccc61704c33665c45e70bc630e48200b13cf5d7e67f6e
- SSDEEP
  
  768:SxaTSJqdto5swYG/aOqOQn5YaGPLLV++4aa78+j0VRTl:SxaTSJV9YGCOqOQnleLVSZ78ZRZ
Score

1^/10
behavioral3 behavioral4
- Target
  
  Xtool 3/Microsoft.WindowsAPICodePack.ExtendedLinguisticServices.dll
- Size
  
  26KB
- MD5
  
  d7c4d6e77678d126c8aa5c6f679ebe2b
- SHA1
  
  6b2d251b86b415460ead15f648ec1323c22da7c1
- SHA256
  
  7d2ee64241fb23095f65d67f10e9f8dd0917466efce5f6c0d9413afe6d108e54
- SHA512
  
  ae25272255d9eb0aa9988c28fcc1713b7917c7fbc86f8bfcca0b14774d01bc55f617c0218634ba3067b394f097d6810b231a6c1dfd42401e33525a2c50371798
- SSDEEP
  
  384:XyYlKj/lL1ntpTk6hr/N2H3sKsV2QRykkAvUo8IXMqJZ9SyJv7DCnsiVtpa9yc5G:il/lZn77TYH3PFsy8qyJv7DCna9Q
Score

1^/10
behavioral5 behavioral6
- Target
  
  Xtool 3/Microsoft.WindowsAPICodePack.Sensors.dll
- Size
  
  45KB
- MD5
  
  1804fc89d06836038c382d2402a4bb7f
- SHA1
  
  bd22347e199828ca459d5487dbf4391755df06ed
- SHA256
  
  9c5e44e5de1be0facac32a57190bf21fa2639d1bae748be16b674b72a64e2481
- SHA512
  
  63e075458e5f596f012cf62b49efab89e143c0976e08fece7cc235c36b5af78e4432b8699702e977d9b02a3108fc80939ed6cad0a78358f604266cc6d22d4c0a
- SSDEEP
  
  768:w+meO2We+Vl91llNVVFNVp6hMZF4LTK0uRtI3uJHosMJ5qTCMw86hu2rrGcOMOgc:wp6hMD4iRtIQbGqTCMw8arrGcCgNF3Y
Score

1^/10
behavioral7 behavioral8
- Target
  
  Xtool 3/Microsoft.WindowsAPICodePack.Shell.dll
- Size
  
  529KB
- MD5
  
  54fe9a2748c4a0f282d4ec91e3cadc16
- SHA1
  
  970b783a697d893ecd4916dd86b5ff7574896c9e
- SHA256
  
  e6fa9d9e34ff3bf63ce782654b14e4b54a3abd1022c87bc099032c2948157672
- SHA512
  
  c7d567e3c039f98f3a99249b2d9bc2186c34efd73eec421331732d2307a8af940911381e27b015f58d0f65871bb4b038cc0f27d3fa495acd08994226bb033b7f
- SSDEEP
  
  6144:KRAFnp++R1yj124hKX97kANqQHlWBwn9dgPan1W86b8c3v6n9c6KwZErn+LYHtA:iApI2D97kANVFWBwn9iPIL9Mwh
Score

1^/10
behavioral10 behavioral9
- Target
  
  Xtool 3/Microsoft.WindowsAPICodePack.ShellExtensions.dll
- Size
  
  35KB
- MD5
  
  25eef0366f3de83c698d3f6cafbcf61c
- SHA1
  
  eb7caafa65dec3ad3035c2fa8a47b16cf030d66c
- SHA256
  
  15492ab3a7790f4972587f8badfa54858a1a974bfd1556b6e51eb551671f7e39
- SHA512
  
  cc9402d212b5ddbdba837b9138c897ccf6ea05fc67b939e63b091d4d049551ce84278ec3e4bb0f2c2fcfae5b7a8e4d4c0851632b2c40fe486850a8dc219f3305
- SSDEEP
  
  384:WOQ7NLtpb4fzID+Gher0kEA/22G8HHVyRoTE+jn1zygaVAap944G/NW2TslXPTaV:OLtLWm8HHVyRoTdzlABkUs
Score

1^/10
behavioral11 behavioral12
- Target
  
  Xtool 3/Microsoft.WindowsAPICodePack.dll
- Size
  
  96KB
- MD5
  
  0d661949ebc172dfb3c3b98566bdf0fe
- SHA1
  
  c400a3d279b9b2ed8f5cfca0b3a8c342ea64d9e1
- SHA256
  
  808e96f59e7dd2212eace049079d25545f6c9c3f05244ec9cdc539fda18d34d6
- SHA512
  
  7baf43c4ae7709d91cdd2f70dfceb1db881d0d7c89c673fb166294d56a0eafff056128b605be20e0ad304f9392235403441a3b17a3c2f785a4e81931b40e0abd
- SSDEEP
  
  1536:dCrMf4QNZsVFCnmaDAtfMR1C7KGLnZOzIaxGIA/JtyzV/liTiA70hiuD:dWY7DyymCR1CfNXaxGIA/JwzFliTiFhF
Score

1^/10
behavioral13 behavioral14
- Target
  
  Xtool 3/README.md
- Size
  
  60B
- MD5
  
  a08f99867f337312d060940368867056
- SHA1
  
  bd5f9faa853cbd1841aba31047828b1a7864eae6
- SHA256
  
  c7f0f984fdcdcd9a05270dccd924937db986243d33f86578620fde8a47e0b062
- SHA512
  
  954a77c70e47b3e75b8baab64bc3ff2b7aa7c373e38e70fcc8d80a6a2b59d2bd79510fcf084e0473631669022f61c418d6a30a1e79baab9fbfc3bc7953457b1e
Score

3^/10
behavioral15 behavioral16
- Target
  
  Xtool 3/RestSharp.dll
- Size
  
  165KB
- MD5
  
  fe7c187578022fe787b1746582481479
- SHA1
  
  250babe7f6020b1f2904b000a0b5e086189191f3
- SHA256
  
  f24c190477960b29af20926b4d9f8d7791c1484f3e7cc25a38a3928cf353c05c
- SHA512
  
  89c9c7aa70556e6bf983869c4563c9b78487ad4c0da8d09a9f28f722b4ca5df244d9291fe89845c68659536aadc00d29644bcbfad4addc00c835297a563f0b68
- SSDEEP
  
  3072:lsChvztWrT9EZ0N/rc4x+s1hpVH5LqdxTIIIJI8Ij87t79UkXrw/GrvSjsl2x8:lDztWrT9EZQ/YMJ5r9UM1K
Score

1^/10
behavioral17 behavioral18
- Target
  
  Xtool 3/System.CodeDom.dll
- Size
  
  33KB
- MD5
  
  8da55dede702470c66cd3e2bff562192
- SHA1
  
  2a5dab71359f6d6a38f44de28a7c3af9ea085e62
- SHA256
  
  6f93b2f4f3a83f0575a5cbc5bfa962c597bea756d96a26a117d3f464da10e8e4
- SHA512
  
  037cb271a9f8c20b859fe50e26b5e4d39ba4dab9ec222693322185be7cb786f848cdeef17159d6dcf20fdfd168c428a650a6e4bf47210fb6211cb4223fdc244d
- SSDEEP
  
  384:TSe6Vw2O1OEeYWLPzr2bAfCqfps7tZ7U6rEAXLWYgWmDrWTgWYDf5OZkum0Gftpx:TVN5EEeYgFfpqJ4DkGDfoVihq+L
Score

1^/10
behavioral19 behavioral20
- Target
  
  Xtool 3/Update Log.txt
- Size
  
  176B
- MD5
  
  f3aa7ddbf8039f67d5f39efb418a6ee0
- SHA1
  
  1d952cb249ee88a65412ae04dbd97d895b82610e
- SHA256
  
  a23ba8a155a0689829c9554da65cbd656188ea275efb09502b20f5cacdafb717
- SHA512
  
  e5674591715d5b5f812471cbf1669a5079994dfac8b8115397f61844caa7cb08089fbde8116396bae39212d90fb0ff4054aac0afccf38f2454ab61b84c57f5fd
Score

1^/10
behavioral21 behavioral22
- Target
  
  Xtool 3/VisualPlus.dll
- Size
  
  808KB
- MD5
  
  9ec0b164631199a574437ddee14c224b
- SHA1
  
  9bbb046cec310d67199b4e2cc25be7a84bf33750
- SHA256
  
  715630f8399c15d326a0067866ff1558f727cfabc72d0ae4f6b61036d08b3b03
- SHA512
  
  38fa62a62fe853149e73bdaa612b63367b8c8ddb24a43606696929d4ad8f337b3df4c847ee863ae6189448ef6b1d4d6bc0ce64917a0d258009cbcf485e45babc
- SSDEEP
  
  12288:9Dds7AbmIVh4WaeFgZ4Rl31bggo4MTZw5Wv444aIW:1d/bggo4MTW5Wv444aIW
Score

1^/10
behavioral23 behavioral24
- Target
  
  Xtool 3/Xtool3.exe
- Size
  
  401KB
- MD5
  
  a587bedce143616dfe8583e5fce85c16
- SHA1
  
  2a3958921060ad82eabf1e589256ef1d31a7a17b
- SHA256
  
  15d23613ce975a9797bf888516a3f1983c807e11359e831631f8cc8f6898dd93
- SHA512
  
  bbe19fe57b21dbdb7e3f8727b59f3b76612ff918ca481854035958571473b9e8750f50a390f40fac18cc007cc48fdf6b69aaef0997f8bf10a76e6e74609406d4
- SSDEEP
  
  6144:DpZDXvONnit+/WFcag9Q8U9Vd9DH0/NwhiYqh/8U9Vd:DpBdt+/+g9QDd9DUOW/Dd
Score

1^/10
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26