xworm

Sharing

Copy URL

Twitter E-mail

General

Target

Nexus-MultiTool-main.zip
Size

13.9MB
Sample

240630-w8cnysscrf
MD5

3a9f41d6b4d828253af5f7f4aa0e229d
SHA1

faae59a20e832836a762155cb3af2ffa42c12c1a
SHA256

4a2923ae1b1cb07a7d5bd054ab63e2e30607aa1d3756bcf783f2a19ecaf9948e
SHA512

9ee1cf76f4c78ed350df2bcab00868f744bf9fe96b1cf76c9b31a86a850917492d234274dce021d7aaee29c64b04682818e5861da1d7d0743fc1af78ec8c862b
SSDEEP

393216:FxNr9sVYAidAS1U7gjwWOEwJjC0lprTUzKhDAhGiVCeifrgxuCD:FxNJsHiiS1UpU0lprT5hDYG2Ce6UD

Score

10^/10

Malware Config

Extracted

Family

xworm

45.83.246.140:30120

Attributes

Install_directory
%AppData%
install_file
runtime.exe

Targets

- Target
  
  Nexus-MultiTool-main.zip
- Size
  
  13.9MB
- MD5
  
  3a9f41d6b4d828253af5f7f4aa0e229d
- SHA1
  
  faae59a20e832836a762155cb3af2ffa42c12c1a
- SHA256
  
  4a2923ae1b1cb07a7d5bd054ab63e2e30607aa1d3756bcf783f2a19ecaf9948e
- SHA512
  
  9ee1cf76f4c78ed350df2bcab00868f744bf9fe96b1cf76c9b31a86a850917492d234274dce021d7aaee29c64b04682818e5861da1d7d0743fc1af78ec8c862b
- SSDEEP
  
  393216:FxNr9sVYAidAS1U7gjwWOEwJjC0lprTUzKhDAhGiVCeifrgxuCD:FxNJsHiiS1UpU0lprT5hDYG2Ce6UD
Score

10^/10

xworm discovery persistence privilege_escalation rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Downloads MZ/PE file
- Drops startup file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  Nexus-MultiTool-main/Helper/Common/__pycache__/utils.cpython-311.pyc
- Size
  
  10KB
- MD5
  
  5fa1e480704b83c78acabdbf5fb59233
- SHA1
  
  70ed090968ee7881b2bca66d7214d2e148b5db2d
- SHA256
  
  95d710eec388b812ca145d16e2dce5b0cb6fd82dc99935d6be7d28237870b00b
- SHA512
  
  785fcfc2d428dae1744db8f6aef26ab1e6fcf90a14bff0cc0e56d5be2bd77aea9100cf37be18f20400a3a364cbcf1d9be73887ff40ba5c35b0396ae4d4c6b1a3
- SSDEEP
  
  192:1P2D0Vje0wXUjAksfodWrPhMHmME//fzJTH7pxi//fzJTHapbCwpWWH:1k0Je0wXyhc1MHmbpW6
Score

3^/10
behavioral2
- Target
  
  Nexus-MultiTool-main/Helper/Common/utils.py
- Size
  
  6KB
- MD5
  
  cb98c712233211ebb88d7acb562a688a
- SHA1
  
  af42b5345e584c8b5d8f69eddd3b3461dd751810
- SHA256
  
  e884d7d27f3fed6ae7c9f3f2445221b9828519879672a24c4afebe4b03e75560
- SHA512
  
  b118e9843542f9d59ec47772099876863d045af36aabe54855a7b75fc1add28c1a11844705fc7133b4befc1cc40fb3449226bd709a677c733012bc94fd52c251
- SSDEEP
  
  192:eCUC6C3TzlVNM8WrPhix//fzJTskpo//fzJTshpN:eCUC6C3TY1W
Score

3^/10
behavioral3
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/clear.cpython-311.pyc
- Size
  
  5KB
- MD5
  
  3dde2d45b4e5efbe8118d37b31248a47
- SHA1
  
  3f1fd66f652b717735bf538279256a4083be4baa
- SHA256
  
  cdd63df3f78b98db0db0c12d59f5479fc98e2cd90e880b886d138a8cb71eb936
- SHA512
  
  d9dde81c5c1843df7d082061c23c62c3c58ef35bbefed76ecc24057c6016596bc13ada2c438c56f8d5a3ddbd40e673ff82f446bcd63271120a2fe57f79d83922
- SSDEEP
  
  96:ZIVeCPRi+3y3YsIatZsiTtjJQzrV7nNWq+HnNct:Zv6RYAi5jJCncLnOt
Score

3^/10
behavioral4
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/clear_output.cpython-311.pyc
- Size
  
  4KB
- MD5
  
  1e9a1f137e267b5aa433b6a0157022b2
- SHA1
  
  5b621c037d5f00f58c6f45f1c4b25a3216549d47
- SHA256
  
  08001a11347c1be402f7dc277389c25b9ab98f36c22c5076c46290357e445c69
- SHA512
  
  9e4fb0d9fb1b86c3461fded0136d9af486c4ba14f90a356973aeccf0a06b2adfb7357927adda792dec4f88b0862fb1a01b506c170a4eda583945d6d9c73eff76
- SSDEEP
  
  48:isiafwmCfLfR8/Z+3y3IFsfwDpr3ZsiswGaojjJbczXtlVTenNUV/Ni0:GmCjfRi+3y3YsIDpzZsiijJQzrVinNMT
Score

3^/10
behavioral5
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/faker.cpython-311.pyc
- Size
  
  8KB
- MD5
  
  692658f060cc852665b44607ae390599
- SHA1
  
  6f8349ee8aecdd36d44df2ffa04aa867fb9a0715
- SHA256
  
  2ba2ae90443a887446e8695dd1120c0ffb41f938bf676ab425c6be93f497c4ed
- SHA512
  
  a9f83478841c7b733fe952b1c03dac50c769ebbf2d69cc541dd124863ccb92d0207a594c6d614533ac9be23c86ed346addbb3512949939e6f32c0fbd9bd7cf77
- SSDEEP
  
  192:yBKArCBlnlN9OoW+fZrLKFNcTaRtgl1Oh0Trk:yBKAs9hfZueGtgl3Trk
Score

3^/10
behavioral6
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/obf.cpython-311.pyc
- Size
  
  14KB
- MD5
  
  7dea1f8837f23120275d34b590f3a679
- SHA1
  
  98ac3fd2c6e416e1f9c0b917cd920b9383ffbe04
- SHA256
  
  42db0b1f89a7179035d183d85877bb23c2abeb4d5c13dc17906e2b6dfb09d6ac
- SHA512
  
  45b1498e5efffbd5ae6b5c14aead8d7575b843e29a263bb0ee69c0beecf69b6276b8d499f283a7ccab471561108a654a08c1fdc84681900870011c35e8b9697e
- SSDEEP
  
  192:YPvvDlYhhSk5R6L/R6jyD3EqAeVGkcLY+/uCqRAiz4FY66jXP22:YPvvQj5R6LpUyjEhs2YWsAicEDP22
Score

3^/10
behavioral7
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/proxy_checker.cpython-311.pyc
- Size
  
  5KB
- MD5
  
  e4983631d550af0fba1dc1360c7c2e63
- SHA1
  
  744edee3f92e860d05087516226e1853dff20b71
- SHA256
  
  328d587e6adae5c1a0d9b6bea8df8d2f0f0bfd01da4b60924a03cded2a054629
- SHA512
  
  0b291cf73bc1600e73649eeed8aa3a53cf5d6cb097c68e6905b96262c4d31cd10b5412f8412d01229fac1fc133b8ddd576eb2f755d3ecd722404a746c4d30736
- SSDEEP
  
  96:ABzB/GLHpJLNND0X13YeiH6j3YwgB54yGaUu6/jUZbgaALM8mxt:eJGl7N0Xen6SX1Z6/lixt
Score

3^/10
behavioral8
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/proxy_scraper.cpython-311.pyc
- Size
  
  3KB
- MD5
  
  91c5a59b126ba9642f828bb25b87edfd
- SHA1
  
  e142003e634e96dab6bf6782f703de8d26e2e13a
- SHA256
  
  ca0e24c0d4cde08a6c56ccb57ebcdf56d4adc7cf6c0dd899a88cd1717f7d75d2
- SHA512
  
  2c196fbc156ec30d70fa2518968e409241c4ef197c01b0530b375513c1f56aacc458ad5ac9a220c0943b8d422dbaa18bd4abc11eb665842981d5d8f2e9177625
Score

3^/10
behavioral9
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/remove_doubles.cpython-311.pyc
- Size
  
  2KB
- MD5
  
  03be1ea6cc032d23d585a6ab995cc985
- SHA1
  
  8c2862d88f36aaa7f53a0ac5121fd59d05242b14
- SHA256
  
  4762babed636a6483718594c6435f40924edd74b7e639029faf354bc06de3541
- SHA512
  
  8d94679352e8ae4c843aee531169af00704156eff6687acf72777da17409308b370e237818fe1f9247de4fe75b28c7734417db7a2a5e827610448c874b7bdbf1
Score

3^/10
behavioral10
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/start.cpython-311.pyc
- Size
  
  4KB
- MD5
  
  32f2818e99bd5b8afa26b7d17a156472
- SHA1
  
  5b0372c4fd77bad69b5aaa6a1626897f69474c5e
- SHA256
  
  baf86290d15309d539f60711217537cad2c1da547c7bc2a616394f0b3ca2c744
- SHA512
  
  decd78d477de51620763184a95591ea92f70887f8831c515f40e045e8de15a4e6b718b6127f301d00f97440641f2513137522c5d68a57e6779b4e58fbd72ad36
- SSDEEP
  
  96:5mCj1l1l/HTsIZZQVARRgEup+id8fuExxHtzly8KYa:ku1PJAIZZQVARRgEQb2a
Score

3^/10
behavioral11
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/token_checker.cpython-311.pyc
- Size
  
  11KB
- MD5
  
  74249e21ffb73aee330682e3b992796f
- SHA1
  
  5be62639fa94cce294b80cc5f54dc8d45b5f8b20
- SHA256
  
  417d63926b6ea3eb070f9e35f7c53f97697c35da6a5c8dd976037d694c953ea5
- SHA512
  
  30fef7e67d57087e280f108f4d0e54afa14947c78f726d8f3e93396d8f6080fe4284768cf5f0bfd80468753724db9904912502b898826dba6e5044f8d991a563
- SSDEEP
  
  192:pQvC1SA03q0s4T5ugeeWkaAn5AvzoejOQ1PJ:uvC70a0s45g8kqQ1PJ
Score

3^/10
behavioral12
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/token_formater.cpython-311.pyc
- Size
  
  3KB
- MD5
  
  a247e0fdd28760612241c01d95f4b733
- SHA1
  
  1d9d4834870ff6d5856959cc471355d0c07c1b6a
- SHA256
  
  f3fa7a9ffdcc3002305fe7fe3aecbbfb83caa27f41aca2ccd371fa6e943616f2
- SHA512
  
  135a8ef828f28f3dd551db2e4b7ef97e684ef8eee2327fd017ca73cdc5b389e88c200f5e200138e1f780655f4c3e17859375fcc8d1c9a356370344d1c18c07b7
Score

3^/10
behavioral13
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/token_guild_check.cpython-311.pyc
- Size
  
  4KB
- MD5
  
  1c5b7bdd5b0063249f3410b8647e148b
- SHA1
  
  7c0ffa7d348581fae3cf498928f77c494fc2e73a
- SHA256
  
  134768aeed5489860b3440d8204094f3d6d3ed1d46ce03a3bf1555f8849046c4
- SHA512
  
  14f3e6ab11bf85f27b17c97decb0efbcc05281e727b023f9ea1106df90476e59a0b30941c4f7a6c206375d46c9465e3ebd8bac681cab82e3c04ba5ed46cd96a2
- SSDEEP
  
  96:IP1Mno3E18Qsai0+D2VmamXmYMeurcfScHO:IP1qmQc0+D2IF2DHroHO
Score

3^/10
behavioral14
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/token_guild_leaver.cpython-311.pyc
- Size
  
  4KB
- MD5
  
  a0e5d942657f40c31b37fb88b241a9d6
- SHA1
  
  aaebf11df2c07a1869bdb48ad12a94063ef614ef
- SHA256
  
  15706d8884f08367ef6ffe5345bb8b4ba05cc1c6bf0c6ffbe6d72088844dcd67
- SHA512
  
  c6501cd4ab9b2c14cf312f6696db75ec0aa730057bd9d004425600a760411fca6d7b324c2904d229922aebf49f3bfe10fe85c2647e7efd9eb992004566730b24
- SSDEEP
  
  48:nxCCSC0CXM4S3pEKh4swmk4wuymqB+uS2Oeot68xneG+y7+SGjShGnYZdR:zZKm6wuc7j/4eNK+SGjbYZ/
Score

3^/10
behavioral15
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/token_server_check.cpython-311.pyc
- Size
  
  3KB
- MD5
  
  d8286a5336f697b5298accd59b57620d
- SHA1
  
  1aa23e1756b95046cd38d5a2bdef06056e4b4003
- SHA256
  
  3076e430e2c7fcdbac92279cde1e6a403245d277c89ea0bd4bd4d510c3b1b084
- SHA512
  
  264fd9d5aa9f56505a35f0ed8401e085bef445fb8c0b630913b35fba4802bffaf0b3d41bf6ad4733ba264e9b0ff9263d7cd80927b586ad198dec5915d136b754
Score

3^/10
behavioral16
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/token_sorter.cpython-311.pyc
- Size
  
  8KB
- MD5
  
  4484f6cb8b21bfc92c7b18dc44b97807
- SHA1
  
  38136c9596ced9427f6dc2611a9419ffc302d6d6
- SHA256
  
  330f707a32f03479455a01857e9fd7765b77d74c907d557ff9a8d1f130bbb81d
- SHA512
  
  2470f4a46f5bf6d1c05be8b732ae98c703a6c1b059afa0c66aeb2d9dc70f28b68caab12b15fd4043806cfcfcb1e4b5504e67b8f4e6964f1ee9b704a8aa86f9cf
- SSDEEP
  
  96:tYfvCVoB3tGv61xuDirFIFu1xuDirFIFnxY7Bkd/CWH4bK1s3O92CMW7UjlUXC2B:tKvCVYtsYdS/CWX2jW7UxUXloG
Score

3^/10
behavioral17
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/token_spammer.cpython-311.pyc
- Size
  
  3KB
- MD5
  
  3253b34e5669c1a3a6b55a261f13ea01
- SHA1
  
  1b121ee666744e944575a51f46e319e0b2baebfe
- SHA256
  
  bdc41d40b5a5e114b1ed49580683a647a937b769507ff807e6ca48404085c519
- SHA512
  
  4b08fe5f1c66a6e6ca0839ddf629611c7bc9c3c6ef00b364e5e071f128a2af32665bbd0198e389e4aa6889f819bce5b19fa12a65741396fa44053472ff1254bf
Score

3^/10
behavioral18
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/__pycache__/webhook_tool.cpython-311.pyc
- Size
  
  12KB
- MD5
  
  8c2837cbdbf8ae5cb6ddde48469a2aad
- SHA1
  
  cc4ebc645eb034dc2340720491d977cbeecdde6e
- SHA256
  
  7c9bd8f24a9eb002591602050d54b5f72aaf028efcb40ab8021baab5b606f55d
- SHA512
  
  afc5dafd18670bf461f5e583204a9021e03f9aa5dcbf05284e0e78e988c0f3a57a47be9c9b3e8106fb8a60b68f000c7dd56022d1fa9771aa8a908fd25a25d5c0
- SSDEEP
  
  192:hcH0t4VN2Oj0g61+lE+ARJk8ltOw9zwDPyItlItAdUVM//9ja:AvYX1+NSOI9zVILIuX9ja
Score

3^/10
behavioral19
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/clear.py
- Size
  
  2KB
- MD5
  
  3c0877f9abe301d9c435fb6dae787cd1
- SHA1
  
  fbafe9f059345077ddf0c65ee361bfc102f058fc
- SHA256
  
  0c4256ee5273a42fb88bad487c62552b6db657e3aec2ad83b01d24c1b6bc3779
- SHA512
  
  7274aa9d98f26d92c08687b7208f2695a5c7285860dc5459e9605f2bc349d916b96d5ac943056328e62f4af7c4b0ed3b0b72747d0e84df2bad3a985b48f84aa4
Score

3^/10
behavioral20
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/clear_output.py
- Size
  
  1KB
- MD5
  
  082e6d8f54f27022059029c0eea1da97
- SHA1
  
  5f6de51cd14de705466c608a2537c0958840172a
- SHA256
  
  49a3eccc08a55eb20bebeddce4b63107e5ef186ae5e368f0a4a8bce3af3b6155
- SHA512
  
  e1fdd5e8ebbfcba005544b36038f09b7683fb423e28f5950d09b34e0e4a2d04c31426deebf2453bb6b511ec2fe1bd10c3cc6374430bc663ca8806077c8955fc3
Score

3^/10
behavioral21
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/faker.py
- Size
  
  4KB
- MD5
  
  c0597de8efb360f911e9b1568dd0fb5a
- SHA1
  
  8ad87c3bf080458fffc9461d3216e805a0cca104
- SHA256
  
  cf554c5888aa14401a7e3f4efd210105e7b5e87f41ad908505e742bfaf5686e3
- SHA512
  
  997fc08a2a047ff517aee09dda96ae00ed6ddb586d3677da492c550b1b656ce39eeda0101523b0d980a97070e99c63e337511841a85a023699aae719463e7740
- SSDEEP
  
  96:glTt6SMHIPJugMeAUfjUUft5CBv+FYZxiT:gS6JD5jU8DCV+FkiT
Score

3^/10
behavioral22
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/obf.py
- Size
  
  6KB
- MD5
  
  f0cea375c6aa69eccc5d7a05017d0887
- SHA1
  
  7fd66605edd43fa4c2d5f6ec76a1606bae3a3ae3
- SHA256
  
  c2d62ce4a8349bee304dd6312320094824542db94abb5039e28221c278f97010
- SHA512
  
  80059fb9779e8f6820931a01bdefafff21b70265281b839cf016b788101026e1fda278fcad8d3f27d4b8110607a1bf791307ffaf0bfe97c23573a89ddf01e947
- SSDEEP
  
  192:np/M9F60/QE5ki5MPvRiBqxpAnMzyLbhUjj:nl4/QGt5MPZaqxpAMzyLlY
Score

3^/10
behavioral23
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/proxy_checker.py
- Size
  
  2KB
- MD5
  
  ab624f00971cd4a4e116802d09e09110
- SHA1
  
  955bec6833dc61c7c3d6a9c0595a10c49a24bcdf
- SHA256
  
  6f0337971a7d6cdcbd2471d680b4fca8c170f052f3d416ccfdc90d5a22053442
- SHA512
  
  5e36c74a234038ddbc1598dbdb1ba39e65f7ec66bd6476d560818261e95db72f378dc8fe41630a39e3e8dbe392808a5068e1d9c9148b490d4222e42801e1801a
Score

3^/10
behavioral24
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/proxy_scraper.py
- Size
  
  1KB
- MD5
  
  936c6ead96257fdf2e3ae60821884dbe
- SHA1
  
  9a22bf2c8aa4d9d0ffbdfabdea482ce814aeade0
- SHA256
  
  4c9ca6596864bd796f83297432f0272a4bf7e5c6ef8fdfd1e5c557dbdcb0f600
- SHA512
  
  bc095daeeeb551415322a2f390d38cf754b6443c938bb0e69cc45009f9a83326780b8458b66fd2ffe3c429322fb74f46c2ed1eb5828fb1f3e6331c44d35e29c2
Score

3^/10
behavioral25
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/remove_doubles.py
- Size
  
  1KB
- MD5
  
  f54978026dc4ccb6faf1e08c897dfbc4
- SHA1
  
  949f0885cfb96eefbff114b33d0ce82bd3154fc2
- SHA256
  
  8ccc20d758b2e7ee7ccb55f878d4ecf82298b78344a533b0cf4052d2a200c26e
- SHA512
  
  0d3a9d0639b74cd099841bdb1148406b00ad45e69f2fba2c325e9b2961d8e0f37b6b099003514e33bead542a10efcae4b3c3250f26d6629a957e42e6700467be
Score

3^/10
behavioral26
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/start.py
- Size
  
  2KB
- MD5
  
  893c4b96766559f9fa6183b37673a8a3
- SHA1
  
  0d6c3e251be577c9ccb3f1b801d908b27b0ad5e3
- SHA256
  
  46cbc08a9a4c2289735c3bf136f8a23deea6af4785541804b3615f3d1dcd427a
- SHA512
  
  159f7a116efa8d2a6c68429812b7c0d47231ad9efdaaca5fa846ea07dbccf918db7736510985b153719ff5d4b66720dcc63085794a24d05c2da21b323182aabd
Score

3^/10
behavioral27
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/token_checker.py
- Size
  
  5KB
- MD5
  
  a0e9672da554ad11f49832db71be8e60
- SHA1
  
  3eb07c1f9c19a4f743e3e1bf93f3139d93601c79
- SHA256
  
  259e485d637a243977d92391765b25a851dd2d24fa2e3ca2666f2dd6f53ca085
- SHA512
  
  cf29d5d276a14ffc9241725c1e505870d01131f2088fc939fc8944dfad4ab5d8b537b26b02bc716fb81080946a8ae9a7af8d525f5aeea41b7fbb931b8fa3bc26
- SSDEEP
  
  96:JEqdl9QdF21xQzDbq7Qs34a/r+g1ipOVeh21/lJGDUj:Swi+12zD+s2V/rJ1ipOVeh21/bGoj
Score

3^/10
behavioral28
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/token_formater.py
- Size
  
  1KB
- MD5
  
  7bf3f48b10e8856abfe626c690294f4f
- SHA1
  
  d0b9c536cffa54a0f87aa6edbbc85b00b85a2af9
- SHA256
  
  5a5c9faa4b413af36148f0f86a46ff99327f182af7873dbef4af024d5fd15d22
- SHA512
  
  f655c113cf625d633b1c1dc9ac0e71d2fd6d2e57d90a8a0a36968a567f8e6feb1451a33324fe1087f6b12bb5c7f616c27b0e8112493eaa53e7100e6f45961914
Score

3^/10
behavioral29
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/token_guild_check.py
- Size
  
  2KB
- MD5
  
  7f03134b4f8b1d44bf43a528da6c0402
- SHA1
  
  bd8a3642646ecaac0031d8568a8988ee55500f0c
- SHA256
  
  b00634fcc493619b18a5d7c8051e810246105b941780a9763025dc6e20498dae
- SHA512
  
  c715119571f3ec21ad3c04efab3b952d3156ef953934c4e4cac96bef88b51e1865ba1f28e96e9152f742f73e1da530b57bb8cd663d732e66f298b4c9cbaae599
Score

3^/10
behavioral30
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/token_guild_leaver.py
- Size
  
  1KB
- MD5
  
  a8c3f9563bfabbc06cbda98564dda494
- SHA1
  
  5e18ad0b39731c83fd1dd390d93dd15e3001c8d4
- SHA256
  
  62f1785326697b6d9f1902c0287a755429334d3426567c68a9b3f992ee3ea1cf
- SHA512
  
  61aaa8bf015762a0c44657296a0671a643a8749a5f3a96b78f640514168d613e93b10eb8e50dc1a8a303f765d7310fd0a526eb7662a16c6b061c49a8f5409464
Score

3^/10
behavioral31
- Target
  
  Nexus-MultiTool-main/Helper/Funcs/token_sorter.py
- Size
  
  4KB
- MD5
  
  a1ea936230f6970d10b3aec36764265c
- SHA1
  
  03c688132fb6319d01d53f43d9628b6610f23e43
- SHA256
  
  480a709241f6f141a1a23b9ad1282fd7520b1d47434e4964024ee99a430aba4a
- SHA512
  
  5d163618738b2cb3497bf2cf485cf743921285b0b58d1c237ff27ae3cab99f55e9cd01ab46d647083e9f88291c317c22131a0e57f8ac67c2ade8b0aa5acd90cb
- SSDEEP
  
  96:JrstZD9QdntdmSM0wkueo27ZOhF+sXBXVXxFKY/KrKZiQkQGIJWT:iiPz4IsRFBgY/tZiQkQGIoT
Score

3^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Downloads MZ/PE file

Drops startup file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Blocklisted process makes network request

Checks installed software on the system

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32