Overview

overview

4

Static

static

1

Xvirus-Too...rus.py

macos-10.15-amd64

1

Xvirus-Too...up.bat

macos-10.15-amd64

4

Xvirus-Too...rt.bat

macos-10.15-amd64

4

Xvirus-Too...t__.py

macos-10.15-amd64

4

Xvirus-Too...les.py

macos-10.15-amd64

1

Xvirus-Too...mer.py

macos-10.15-amd64

1

Xvirus-Too...ger.py

macos-10.15-amd64

1

Xvirus-Too...ort.py

macos-10.15-amd64

1

Xvirus-Too...mer.py

macos-10.15-amd64

4

Xvirus-Too...ger.py

macos-10.15-amd64

1

Xvirus-Too...ker.py

macos-10.15-amd64

4

Xvirus-Too...ker.py

macos-10.15-amd64

1

Xvirus-Too...ner.py

macos-10.15-amd64

1

Xvirus-Too...ver.py

macos-10.15-amd64

1

Xvirus-Too...ger.py

macos-10.15-amd64

4

Xvirus-Too...ver.py

macos-10.15-amd64

1

Xvirus-Too...ker.py

macos-10.15-amd64

4

Xvirus-Too...per.py

macos-10.15-amd64

1

Xvirus-Too...ool.py

macos-10.15-amd64

1

Xvirus-Too...ngs.py

macos-10.15-amd64

1

Xvirus-Too...ils.py

macos-10.15-amd64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Xvirus-Tools-1.7.1.zip

  • Size

    41KB

  • Sample

    240425-hycpbagg3v

  • MD5

    49b8031f045898b246c6efd27842f948

  • SHA1

    7dbe30c4f6f0a1ca4bf9d99fc11b292e7ae62cfc

  • SHA256

    43d4f8e901cf19bad05ecd05fdd411b460b2eabb3ee4bc6e91e70d0b0af8032c

  • SHA512

    1fcbac56b7ce0ac8b7b8973cd4b9f9fa6568f7000d4259a379839423e945c0ac8e2186d9888597906f69e5d0fb6552132dd8ce3fad16c66cca3b5931f75d4785

  • SSDEEP

    768:o19s/bX1CER7pNX8nL9XhVCNrjK+rMFQRojlmcmPsUKCQJZ+ZJQv/Gi9Q:ojXER7jMnxXhwB/4lCPsUKPuQnGi9Q

Score
4/10
evasionmacos

Malware Config

Targets

    • Target

      Xvirus-Tools-1.7.1/Xvirus.py

    • Size

      8KB

    • MD5

      fc57448db02026c736190b4ee77b572f

    • SHA1

      18cb2d216814c9834f70f185eca3cde0e2c212d1

    • SHA256

      67facff65be74557e19d5261402fdc42ed82715742b8365bea174a740b9453fa

    • SHA512

      ce43c684f32d10c575677d630922f66e0de91d732fc7ff161b4290cfcf90b273579a09fe0847f3d51afcc0b175ff0e07c69351f303baa2d7d36a9a1b0040f619

    • SSDEEP

      192:CGWZRZd7vnTNxTM/DTdkff9XxrcNqTf2BXsYEJv:30zlvnTNxTL9XxrcNqTA7Ex

    Score
    1/10
    behavioral1

    • Target

      Xvirus-Tools-1.7.1/setup.bat

    • Size

      62B

    • MD5

      bac1df08b5a2b813d82ace3a51adc67f

    • SHA1

      bd1279e6379de4ea6ac108718010235f3b342405

    • SHA256

      59f5244b33fe77d4dfe76e5159d44a07e037040f8790276ec84139ed3128a21b

    • SHA512

      175b17c6e7d91aea20e6d8d3b63abfd467c0cf7fc6b8c574e39dbffeb52db8c40020816291f7a83e0411a165d0535c033ff1df299dd2c2a7e48ba8b34dcd4afa

    Score
    4/10
    evasion
    behavioral2

    • Target

      Xvirus-Tools-1.7.1/start.bat

    • Size

      22B

    • MD5

      439fcacf5dbd7675b272bf20a28ebd26

    • SHA1

      567c60f881fe536d43f69973914cfa55ba3577a4

    • SHA256

      93f20b2d08664ce038d6c18475c6a82f6304da012aa910ffc82aca3657fd0a76

    • SHA512

      b4650e771dda5e29340867f73d5f5478e28ac3d17f00ea8d99f71e6d519faedf00e00aeba0cab889984a581adcde65a20c9bcb7e6ee818f0471de0dd6bbc1262

    Score
    4/10
    evasion
    behavioral3

    • Target

      Xvirus-Tools-1.7.1/util/__init__.py

    • Size

      702B

    • MD5

      d315dafea7a144be416a544d993f1f21

    • SHA1

      b3ce60f1e5818d7f06ad31ed5ab615633808d2ec

    • SHA256

      7e6f34bc5a3d996efbf6e105ebc3d437af888a389c6b6034128b566ebaeb12a3

    • SHA512

      e701514bf9c5430b654cccd39049acda7e6fa6bd1a95ece193741ecc35ba2d9747eaad097e2501430aa2037fec23c2f740d08d71763c138f6384d7432f94a208

    Score
    4/10
    evasion
    behavioral4

    • Target

      Xvirus-Tools-1.7.1/util/options/bypass_rules.py

    • Size

      797B

    • MD5

      00d2a8463899d3a15c6de0862afd52a9

    • SHA1

      15c0055785dde13192dfc809eff127c0c3c459e8

    • SHA256

      6d3d030fd620ef28d68f85e565cbf30ddeaeed7da619edf229861ee5991e99d0

    • SHA512

      f9847c1892acc0b7b6709f7e9ac9d9c715da5331adf3fb7b0abeb5505692c35927def47a60bbee23dd18e99fee7c9486527c3b586337d72712ed10e6c0841b47

    Score
    1/10
    behavioral5

    • Target

      Xvirus-Tools-1.7.1/util/options/channel_spammer.py

    • Size

      4KB

    • MD5

      dcf6cbe5953a1df30817619cf06c1791

    • SHA1

      5e75364a65f4eb3cba26c3744846f58b5e5b4e85

    • SHA256

      e3917f95e8201ab5b01a693aae98fc7aebdfa7c2fc151c467763105ec8930788

    • SHA512

      d83f6ab5235ab146d636814097078d9d2a9d9a9348bceae89ca3b49a6fc8f1c7f0003ce0f745ce4a80f117b92d0af9f1a47533440b98ac1553c6f33f7a3d850b

    • SSDEEP

      96:kFEJE6Bilg4fgjAQr+5QacHdbTgvboaciM:YEJE6Bilg4fgjAQr+5Vc9bUvboaciM

    Score
    1/10
    behavioral6

    • Target

      Xvirus-Tools-1.7.1/util/options/hypesquad_changer.py

    • Size

      848B

    • MD5

      76f7f1aaf4b032981e2ccce6f5e2ec87

    • SHA1

      f0664b5160bf8a3fbd1acad9807e1b799a0dc709

    • SHA256

      4d4caa5188df4dd6969e0daba7641ecf51adf79285cf42766284a0ade37ad384

    • SHA512

      1eca05ef1685e3f565d1df1c8727d89d064dc9cfecd465089d11b4e6560f8bd004f939bc8a614cfccfc24628e1dc62445be403d0ff673d3124636503034436ff

    Score
    1/10
    behavioral7

    • Target

      Xvirus-Tools-1.7.1/util/options/mass_report.py

    • Size

      1KB

    • MD5

      cb6e68aec2d603b5177f1227ce88c431

    • SHA1

      bbe7006c81b8968b02127522b521fb2b0086e126

    • SHA256

      879e4942541b288b5f6e5479a3badb8d2c7def127c1bbc8609ccbb7418ad222d

    • SHA512

      00ffead5131ca63c7b1d1337ea05ae72c69718a9ecebbe804a9e8f5b5b5a4a2fb3f2d3347206254d343cab2e855a78b9afdff197fe2129a617c381b61399c923

    Score
    1/10
    behavioral8

    • Target

      Xvirus-Tools-1.7.1/util/options/soundboard_spammer.py

    • Size

      1KB

    • MD5

      aeed67f5c6d83f7c9a262e5a60751d20

    • SHA1

      77405701061c7a1208fd38dd313e198df46829c4

    • SHA256

      a6cc0b409a54ac21d0662b156c029694b4fdbced30db2307ba83443502ae2f0d

    • SHA512

      d770142aedbadf384462eadb3cb40e2155d30345a668da2673df9c20127c85d6c3cc905f9c2a1e42e15f21f7c6070aa6997c5a87bbb90158f2b1a8c2769f2212

    Score
    4/10
    evasion
    behavioral9

    • Target

      Xvirus-Tools-1.7.1/util/options/token_bio_changer.py

    • Size

      652B

    • MD5

      962025c8a81b68cffaf8e005cb9e97fd

    • SHA1

      6b27de20863640f612d56fccebb504d203b09c70

    • SHA256

      2f5255735b30f655dbf7ec70c19654aad86ea9d7c96f922f0431e0ccc4c49da6

    • SHA512

      e56c8caccab6cbf52263425d8bf5d90994216ce7d413d3038499617d7f8b057be441905a6e66eb318b9238c60699faa9e080495086a56e1577cb32788d32f25d

    Score
    1/10
    behavioral10

    • Target

      Xvirus-Tools-1.7.1/util/options/token_checker.py

    • Size

      2KB

    • MD5

      e2bfa4e9f8b47ac523a74657bf8aa686

    • SHA1

      c05438946b372a943888f03ddf0b6d53c677f4d4

    • SHA256

      143b3e2b9a3239cf2e4ec9a1bbfaf8fb4ae6e9d6eab4d06d640410882a114b30

    • SHA512

      6359e75c95c8c2a00a266e991201d0b406ffb5ea4facb751723bbdbcb3c5fa945e89c7733b39d69522cfc5ca91662ee6e07d4906e9fd3d19349e97e86b0d5a6a

    Score
    4/10
    evasion
    behavioral11

    • Target

      Xvirus-Tools-1.7.1/util/options/token_global_nicker.py

    • Size

      668B

    • MD5

      aceb9d50b3fd883f809940a1ccf32c58

    • SHA1

      99533de8d3f33a3da6c98a7963de0bf307258458

    • SHA256

      d972e6a17370e2bd5f9d86a016994b5a1c5b06089cb2725d1c7a4c20e0a133d2

    • SHA512

      fd8e1e09a72c9432c87fb3bd0170aefa2b569bca9f325714f43c013fbb007d9423c60d033bf3abd14faf2e27efdbd1bf268f6b0ef085ebfb38b38dbd3b1aec4f

    Score
    1/10
    behavioral12

    • Target

      Xvirus-Tools-1.7.1/util/options/token_joiner.py

    • Size

      914B

    • MD5

      cecb0053c054bb678d06598d0318ad5b

    • SHA1

      0492a0fb5d426d9fe5c4753426366be158daaea2

    • SHA256

      c955e1399150c26775c0fa5715bfe8359128217acda1e4c64198387af9ac7d18

    • SHA512

      edb96c1c990172892006eba4f633bb285dae3f5e642a97be6a8ae3131c4a8d3a846d164eec0c778489a31d1b06d056eea8044dabe168ad73cd43253c32dadded

    Score
    1/10
    behavioral13

    • Target

      Xvirus-Tools-1.7.1/util/options/token_leaver.py

    • Size

      708B

    • MD5

      d07836dfdae885aa63f2330d77ebd13a

    • SHA1

      7fc41aa969002ad4024c49391e052ebe5bbe4179

    • SHA256

      14af02b6cafe82c28152c6514d7e5fc6684630575d99539a4a8b14e407bd62e6

    • SHA512

      4f050551a0c025432092ffc4d7c6c1a5803a5750cc99a9e393cd88fafa519cfae4ee12b322f7cdd27915f2fad09ff40ec2f9b8571b4c7b8ed307ccc9b130077d

    Score
    1/10
    behavioral14

    • Target

      Xvirus-Tools-1.7.1/util/options/token_pron_changer.py

    • Size

      1KB

    • MD5

      27b93193d54eb822a12722e30dbff85d

    • SHA1

      1136b0533d9324ca53e275ecf6b2b73054e7728e

    • SHA256

      291dcf208e0e15e260016111ae69e07977b59cd1a45fce39d53f5d95ad8d4619

    • SHA512

      a5bd438287fde42c7296a44b0ff2a3403b67951f48ca4b491ed09f1978da3e52c6feeea0606ec7e10c331a52438f87ab2f8c8c544faf065fc123556552aafa17

    Score
    4/10
    evasion
    behavioral15

    • Target

      Xvirus-Tools-1.7.1/util/options/token_saver.py

    • Size

      3KB

    • MD5

      cd7d84f49f57f4df542b15f5fcc045d8

    • SHA1

      13ba83e3584f7507f0e997215215a68dfb830264

    • SHA256

      be13e10efd2c3f95f8394b19c8999ed44da8e928d6c8d0d99bdec385252bc152

    • SHA512

      3dd8b9269157b9dea6d45c96d7e8e650567c3f4173401f09732281ec98f67a0e4a76c17360af77756b9272e807ced862c7bb83fa1cac1ee9128ea42b9300783a

    Score
    1/10
    behavioral16

    • Target

      Xvirus-Tools-1.7.1/util/options/token_server_nicker.py

    • Size

      740B

    • MD5

      48311f696e11c832fd58ec054a673fa4

    • SHA1

      2d36aec3febc6ed4d2343ac75be9dc2ead6a66bf

    • SHA256

      bd4fbe4d5cd411826f395fe008d893fb5695cb157e937172651c9baccf9c2c50

    • SHA512

      606d5c7d03acd9c7dbd09df44ff77161d1b03eca20c9ce52374bd5751f570e6548553eea6d082d649423b906441c6f4006e47b3cb02ce8dc28a13868d6582040

    Score
    4/10
    evasion
    behavioral17

    • Target

      Xvirus-Tools-1.7.1/util/options/token_typer.py

    • Size

      771B

    • MD5

      61d674f740c88c42ee2a4c5b6bfa90b5

    • SHA1

      2f50cb9d2c5c5ec623690389d3b3188d15c9ffd9

    • SHA256

      281ec3de36bd66aa71fb3926b7296315fe60f039b68a6f0a270de89ae37af48e

    • SHA512

      0b6db54420945510c34ad3d9be7ba6f64d749181643dcad15fe387acefde432202fe33caee3973f007a75d92d31057bc346b5b6cc958aad9f1321553be89abc1

    Score
    1/10
    behavioral18

    • Target

      Xvirus-Tools-1.7.1/util/options/webhook_tool.py

    • Size

      1KB

    • MD5

      bc69a9066ef465d4df48faf889c6f6e1

    • SHA1

      d41b5ecdd89c087f9c1ed818ae567e63767b02f6

    • SHA256

      da26c883e94ab2cd406af72c0550c1aff96f3ee46d80b2289f0eaad5bcb9b2ed

    • SHA512

      9e53ab92ffbbe094b36f946ffd73caa8ec228aed6af08e1255403b819855c067a44864ce465692986da005b30e9934e9dc182f70711c3c78eab10fdfcd3ef92f

    Score
    1/10
    behavioral19

    • Target

      Xvirus-Tools-1.7.1/util/plugins/settings.py

    • Size

      3KB

    • MD5

      4fffec137b113046866b415da3c7c478

    • SHA1

      9628637e829fd25e3da32e6ec8796e0130648a46

    • SHA256

      92450d3ec42db8d12870e1495d3e32d352e9222d8898f8e55fcaf0551baf739a

    • SHA512

      eb81cb8e35ef6b6fa09377b942002d7dc759012d52caff731b7db55a475e4ea54c9ab41e332084d468a617369132cce31079b2cac6ae227df156810cc00a11d0

    Score
    1/10
    behavioral20

    • Target

      Xvirus-Tools-1.7.1/util/plugins/utils.py

    • Size

      18KB

    • MD5

      b1538c3b3e93d8aba8b8adf116e12535

    • SHA1

      e08e61e6950f59d8ae25418e03671044215dc5ef

    • SHA256

      ff748f461e05ef4d1c96736bca92b23bae0b8b5bf7f3ecbb6a03377cf8e1d240

    • SHA512

      b355f1dd160cb6a18e107204569fb1e0492f33732caf1d4b07ceb71bffb42fd5afa22c6eb7fc222fd26e55f95adc19f0b8853b54fd7215af0e3d3fb29dadc39e

    • SSDEEP

      384:hIfZeykVtgCdCxWCq44Cq8CC3CttCWXCuaClCzRCGCqAJvR9g6GTgY+nTNbS+txo:MZTkVtguD24ilmfO2M3hAJvRO0NbS+tG

    Score
    1/10
    behavioral21

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

7
T1564

Resource Forking

7
T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks