agenttesla | 9ecbf28720a944bdd3f3c20cdb3f4da7f40da903b651be520348e01a8efa2504

Sharing

Copy URL

Twitter E-mail

General

Target

kayflock-beta.rar
Size

9.9MB
Sample

240413-v4rrmsab8v
MD5

97aa3a079dd9755550f3dc33b5cfc215
SHA1

68706f4f9fada471773b87c051c1d0bbc0da1ac6
SHA256

9ecbf28720a944bdd3f3c20cdb3f4da7f40da903b651be520348e01a8efa2504
SHA512

bb94b7252d1eaf201ec3bac6ed154159c30c69759d9683866be1be4ee6c173581eb5ab033e5fb346dfb0eb811ec850204ae2b925d125230579c6978e7737990a
SSDEEP

196608:I9wZUrLVz1Ik1+pfk/1eAD5kh7mv486rCujLl/yvhEW9NZ1elAbinuDll:FY1zWk/1XD5Y7VPjhyvSWHZ1AGinGll

Score

10^/10

Malware Config

Targets

- Target
  
  kayflock-beta/System.Management.dll
- Size
  
  70KB
- MD5
  
  88b0572d04511832862a672aa59f6e57
- SHA1
  
  0c0c00a22ee85f5c053b90929941a1d4e892f87c
- SHA256
  
  a7387f80ef7e40f2f056d862a66afea0b16b46d101e69093dc7ba84f3d1d0881
- SHA512
  
  c3f313de263c996277a97121f804f8a21f7ac8bab36bf485605ffa281e30083f9a7ff783dc58e66a32e5a09669ff3798233b963764281b7ea8eb9afa43ea997a
- SSDEEP
  
  768:l3FJV6QNGiHKxqv/7F/dttlswUGcVzKkb46jf9LJKdbY2SdMEQj:l31/MiHKsFBqtRUkb46j99yc2SdMEo
Score

1^/10
behavioral1 behavioral2
- Target
  
  kayflock-beta/byfron.dll
- Size
  
  15.1MB
- MD5
  
  027dcfe7428ee64267c19120bde8607a
- SHA1
  
  929621600cda0642861d57c3e39bc344f96f4926
- SHA256
  
  efd93048311e5feb5e853a5cff20112b6991ce662b8f8d90fa5377ef2aa16252
- SHA512
  
  155b4b18d59933b62602d934a197395d269d2011db8d3f0a86855e55f405fd66839ca6232c5d6075987750acc362d048d3783bbfd6940559f5924f3db2da50cd
- SSDEEP
  
  393216:dgCrScjgeDIC/tBmVczYo6kUFnURXrScjgeDIC/tBmVczYo6kUFnUR:VWcEe0ZVkUKWcEe0ZVkU
Score

1^/10
behavioral3 behavioral4
- Target
  
  kayflock-beta/kayflock.exe
- Size
  
  253KB
- MD5
  
  2ea6211ab19482dddf2b32fdeddfe409
- SHA1
  
  bfb9ab42d59ec933d1ebb8674bc697faaa99a52e
- SHA256
  
  7a25def99b85f8486606ec7eb4d52395308afcc930e7b2df23897022b1d6baf1
- SHA512
  
  e54d8b6db035ab9274c3f3a00474cf19d1543eb19f1c8eb89e11e33ddc6d675648201a70f495e6ddc0da4d71f17f01e3f6d77d5264effe1f0c46877379933bae
- SSDEEP
  
  3072:yczkitvo4BpYN/6mBPry8TXROLdW5m4mURh9OOGm0kqxidvA8qY:yA4NCmBPry/N2VOOPwxU1q
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  kayflock-beta/nexus.dll
- Size
  
  516KB
- MD5
  
  8cd9953ff0283305f3998f6893c7d244
- SHA1
  
  db906639e1b164bb813e3e94e548a4c5549bd36e
- SHA256
  
  0a3f02ad6a8f319b352f4ab3222bd57d9699882db065fb344b9828243b1d0015
- SHA512
  
  3121712026e63ae2c9df423c24511249895e773a5e56f3fd19dff89eefe58042c990afcd7ffba21bf9f181045b9b4d9f439c7e69114f0f9282adbd707558e133
- SSDEEP
  
  12288:MykYXttq4mBpDetgo3DcHGF2HcvHWUSA9uN:iYi4Xt7zcHGFxI+uN
Score

1^/10
behavioral7 behavioral8
- Target
  
  kayflock-beta/packages/ranks/HelpPane.exe
- Size
  
  1.0MB
- MD5
  
  24fa2b633440a793683f8d5f1372dc43
- SHA1
  
  6f8af3fc0d9f7a876ffb44c645e87ec4db75784e
- SHA256
  
  e00db4259a014d3833023ae6ea22923f0f35902615910ccb058a1ee53131dcb8
- SHA512
  
  cedf87859612080487562530543b9c24ce69b600713737f1c7ce669a04707c5473008fc0884bb820bcec4433ed5cbff3c89300e0e90d4bb388089e269946e21f
- SSDEEP
  
  12288:dvcZCbt3V79HwWt1BJM6HJHnmf/7BGR+dxYGXKPXPiXuHNHGb6bH/zx/GCLW/nhf:n3d9HJvJtGH7PdxY
Score

1^/10
behavioral9
- Target
  
  kayflock-beta/packages/ranks/bfsvc.exe
- Size
  
  94KB
- MD5
  
  47661a0f06b7bcc30715c0ad97756e39
- SHA1
  
  ed527f16529ad312640fef174fb8ea816c7e61f8
- SHA256
  
  1ac616c3c7b314a79cd06802b43cad4ab97c37f6b800961f7e8f031e1a85dedf
- SHA512
  
  b483485ac96a5f799161fe277553ce74cae34833da6bc6238980509ddafa50f3f26d871395d20ec4d9a5dae0e48720384a7ce2256fbe061056760a8683e4f0a7
- SSDEEP
  
  1536:nJrvLNn0Vux8uZUnqDzlO3h+dmZn6tQsaxH9D2eQtezaZgJQKi:JXNnTxXtO3h+dmZn65WYezSei
Score

1^/10
behavioral10
- Target
  
  kayflock-beta/packages/ranks/explorer.exe
- Size
  
  5.4MB
- MD5
  
  238538d74fea273bff1e00622eccaf3a
- SHA1
  
  61ee53287d7aa2abbf323cc04e4475ae07ed6e75
- SHA256
  
  33ca082676d3e3162eccdbef28daa3240930245ff218b70d309f34ab0e7b372e
- SHA512
  
  9f6d02be5cbd10635e25acb96d09710876d860c51b3402c2a9863c1fb6725b00978ff0c4d851245e77c30471774b2394a1f886d60d4328f30be5457a5e4e2894
- SSDEEP
  
  49152:o5TqDcv5BBX/kxeONz5frwQPBqsOnTufmZrboosBB+SpfwcwP6cfwQ/Imu7/Qmrt:vQbNovRRwcGtiw8a0cD5
Score

1^/10
behavioral11
- Target
  
  kayflock-beta/packages/ranks/fullstack-magic.exe
- Size
  
  1.4MB
- MD5
  
  4a629a32c3cc21b2276bb0785713eb1e
- SHA1
  
  7888df74655fcbd13b80cf614098f1a773596438
- SHA256
  
  7e01d1f8f33c2df815d95078825da15efdeaa5cbd6a8556d8323c0d39ad0cd53
- SHA512
  
  1f1765b9699aa1da93763d956b2cc110228a74f492fde210e27b4ec4b7b26c55fefc6dd5a4e73c8e324b2208be28f52b8261a64247cb42f8330c9cfea451570d
- SSDEEP
  
  24576:Mc8sHmuATYC2ts1BsuZYrPNVfBAmNvf26ikntJMVoUx8AI8AKwsKI2+Xf:z3Hmu+B2ts1BsEYhVHpfCKMVoUiAI8Y
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral12 behavioral13
- Target
  
  kayflock-beta/packages/ranks/hh.exe
- Size
  
  18KB
- MD5
  
  2c8fe78d53c8ca27523a71dfd2938241
- SHA1
  
  0111959e0f521d0c01d258abbb42bba9c23e407d
- SHA256
  
  eb63fd45ed7ec773eccaf0f20d44bc9b4ed0a3e01779d62321b1da954a0f6eb8
- SHA512
  
  4fba46ecc4f12bae5f4c46d4d6136bb0babf1abf7327e5210d1291d786ce2262473212a64da35114776b1ce26ead734a9fd3972ffa0f294d97ab6907953fd137
- SSDEEP
  
  192:U8kHEFbfhORz4NqRGQE7KpcPUKU/dlk06Sl0+m5GJ1KDJD/QWc7:U8kH67heMMRGQEOpR/dlk06I1KDuWc7
Score

1^/10
behavioral14
- Target
  
  kayflock-beta/packages/ranks/notepad.exe
- Size
  
  196KB
- MD5
  
  bd4718db42d3ac15939d51d8f7fd0330
- SHA1
  
  31315201b97b1eb85bb602dcb586c3a1a7b5dbf7
- SHA256
  
  cb448ea83bcf46a21aa9a9b258f39c85df962b18ae3682f2aaac9d79e2c04ebd
- SHA512
  
  8f35950298154563d875afd9d67414c6f8fc8eb41f12b3857e694f536d36162f17686dfa23eff2ebb7cefbb74e0304d685cc68dfa7d2aca94cbea7fc10c4c0e9
- SSDEEP
  
  3072:JfDg8iAAFxfJZwjPCSm3tK69oUnTYS/7zk+XDBG8BNJtALCgEvkwi6/LPlcF/NL:JriAAFr7vz9oUn8AoSDBrSLCXfFz2F
Score

1^/10
behavioral15
- Target
  
  kayflock-beta/packages/ranks/splwow64.exe
- Size
  
  160KB
- MD5
  
  dfd799e78afaaa7ebc91794fdf086395
- SHA1
  
  8cc8124e39166b9feb45dcb818eaa24c78e7f6a5
- SHA256
  
  cf50db5a92f185b97e6e3f002dca0b079d75da6335c3e70b737059fa68784bf9
- SHA512
  
  e91ce925656d2ba99341d7d184c76e523b45b59fa9cd515fa7955bd2ac892e8ce4f6f4c69843a74e26a361a8aea6741c6427e4a2199dc3bd038487ab0e98987a
- SSDEEP
  
  3072:ktVg+PN4fGNKDNtLT2aobZWYXRY4CHQbPRyZ2pPTI:Ya+PN4fUKDNtX2aCvS8AZ2
Score

1^/10
behavioral16
- Target
  
  kayflock-beta/packages/ranks/twain_32.dll
- Size
  
  63KB
- MD5
  
  afe119dd4e17891b227684f38aa25d4d
- SHA1
  
  2159772933e0ba4fb108edb93067cfdd067abf15
- SHA256
  
  eec41d62ab5d2e1d880b338c47a2156a5ee7e58f3448f58cc8120392ddc8c730
- SHA512
  
  37309c74f3b6e356506c40c871a90294d9f874388a1417af9eb27cde085cf62a72af79b258c78cac0ac2ed8a183e349ffb8f67f2a9c3f46c1d19f2fe3ea9408f
- SSDEEP
  
  768:uPC0xySqWNPwcKnReqpxORBoWNOMFN5cYsFx1gAmOURksWrk/VwLtkKavNi3IJzU:uPC0xyowcklqHw9xGkLrNLtBiNR
Score

1^/10
behavioral17
- Target
  
  kayflock-beta/packages/ranks/winhlp32.exe
- Size
  
  11KB
- MD5
  
  0629e6d130f226c009ea9ab329f37acc
- SHA1
  
  1529c6cf3265311b690992dc975443b35177bc7c
- SHA256
  
  4fce997bdd3475c42ba856d8c288fd4f9f91fd1370075ad7e0b11b1e71ae69ce
- SHA512
  
  a36f25cd5b79891f0cc5a8e85636ce4ef10c91ec6d6c7c0f5c5b622d0af1f4f400c864d331caffaa8a51d9a2734777b5b9ce87cabb7667a9aceaf8837e88c847
- SSDEEP
  
  192:ZomhYgSgGvZx5qdoth1Pdk7WneHWGhh4j8q05:L67gGnP7q7WneHWGhh44q
Score

1^/10
behavioral18
- Target
  
  kayflock-beta/packages/ranks/write.exe
- Size
  
  11KB
- MD5
  
  b947cca7f485f6c1156f4d02e8c9874f
- SHA1
  
  9f184e48f17f104c6a476687e8e760a65a0326b5
- SHA256
  
  a70d52eda892edc073932b462cc367cdbfbace3f4196857d8d4fa869a13de792
- SHA512
  
  28c6ff32bc94aad8b201e469f854dde32cad9eb2e7a80ed858ac2ff99648312cecca06918bce96e8d905d52d5ebee076bd08d957f7933602c0c79d93ead20ee3
- SSDEEP
  
  192:ZV89t7hglDCS8O3GbXdYFWihWxu/sWGOW:ZVM7hceSP3IXioxu/sWGOW
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Sets service image path in registry

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19