e72f269d650bbb293a97964bcf8f8ea6425f3871baccc0ed3380441cda7cfb04 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

XToolBox.zip

windows7-x64

1

XToolBox.zip

windows10-2004-x64

1

XToolBox/XTBox.exe

windows7-x64

7

XToolBox/XTBox.exe

windows10-2004-x64

7

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

Sharing

General

Target

XToolBox.zip
Size

9.2MB
Sample

240526-rz57paaf23
MD5

b6c68b7a93de0de7e4b4badaf143fbd2
SHA1

101bd9b238fc470b922e078a2f48a697ddef86e6
SHA256

e72f269d650bbb293a97964bcf8f8ea6425f3871baccc0ed3380441cda7cfb04
SHA512

32d61afdb3d0a5d88076ab37502d46c866c93b3d5703a13721b6e037b75e6829aec1499f553a26f4350f255af0479dc0bd9a2851e4b035af12037fdd9a1c9a78
SSDEEP

196608:9ZVNizZm5THvSKZzrar56B02z3Nfd0bqLyg8uf:9R0Zm5TPZFar5YLd0Oydg

Score

7^/10

pyinstaller upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

XToolBox.zip

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

XToolBox.zip

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

XToolBox/XTBox.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

XToolBox/XTBox.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral5

Sample

main.pyc

Resource

win7-20240419-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral6

Sample

main.pyc

Resource

win10v2004-20240426-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  XToolBox.zip
- Size
  
  9.2MB
- MD5
  
  b6c68b7a93de0de7e4b4badaf143fbd2
- SHA1
  
  101bd9b238fc470b922e078a2f48a697ddef86e6
- SHA256
  
  e72f269d650bbb293a97964bcf8f8ea6425f3871baccc0ed3380441cda7cfb04
- SHA512
  
  32d61afdb3d0a5d88076ab37502d46c866c93b3d5703a13721b6e037b75e6829aec1499f553a26f4350f255af0479dc0bd9a2851e4b035af12037fdd9a1c9a78
- SSDEEP
  
  196608:9ZVNizZm5THvSKZzrar56B02z3Nfd0bqLyg8uf:9R0Zm5TPZFar5YLd0Oydg
Score

1^/10
behavioral1 behavioral2
- Target
  
  XToolBox/XTBox.exe
- Size
  
  9.3MB
- MD5
  
  6ec7fa39011af3ffa24e33d6fa84b29a
- SHA1
  
  cec6e4e196a724bd7ff02a3b9f7c4cd2740ad1b1
- SHA256
  
  e11c9fe6b9ef6eab5e8f50c84bee4fa5a86a680d8bd9999113bedabed97ba439
- SHA512
  
  46c806947a4c872efc866f2b66e2def07ca57724176577e7d5443f59941221906b30b3e7932f5f9353002a9a7f524ba5c8ca4ba744f70a37dca030a895ccf7f7
- SSDEEP
  
  196608:j0B3Sb7AbT/9bHLz3S1bAqJDqsoZJuzfVAVaNe:+67AbTl73S1bHJDcJuZAYE
Score

7^/10

upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  main.pyc
- Size
  
  54KB
- MD5
  
  5b4c12519facb320bf5a05134e87e401
- SHA1
  
  2ad739c39d280fab416e5fac5115935f8bc8dcb8
- SHA256
  
  910359179109a67797e3f9becb6463102451ea09aca6fe550a8f4c8862e9c43a
- SHA512
  
  76d83f6de5db00aba42c492c439d1767e3b0f65944a03c942bb8019895921a82bdde8c8ace4e9c5cec2fb58eb27e391ceeaabcb43e90f98bae5c3c2ce0417072
- SSDEEP
  
  384:/RU95tS2CUlgCjK8N+BRWbqeDg7TI7Q026W0ajDpxbkNrxVAw4dcl2B/HSKb9W8x:/CLtS2CUxjcgtgZK7VAw9lkHDKbODjkE
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

© 2018-2024

Terms | Privacy