General
Target: Spiral.zip
Size: 38.2MB
Sample: 240529-tst7yscb86
Behavioral task: behavioral1; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/NordVPN/NordVPNSetup.exe; Resource: win7-20240221-en
Behavioral task: behavioral2; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/NordVPN/NordVPNSetup.exe; Resource: win10v2004-20240508-en
Behavioral task: behavioral3; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/Revo Uninstaller Help.pdf; Resource: win7-20240508-en
Behavioral task: behavioral4; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/Revo Uninstaller Help.pdf; Resource: win10v2004-20240508-en
Behavioral task: behavioral5; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/RevoUPort.exe; Resource: win7-20231129-en
Behavioral task: behavioral6; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/RevoUPort.exe; Resource: win10v2004-20240508-en
Behavioral task: behavioral7; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/x64/RevoUn.exe; Resource: win7-20240221-en
Behavioral task: behavioral8; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/x64/RevoUn.exe; Resource: win10v2004-20240426-en
Behavioral task: behavioral9; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/x86/RevoUn.exe; Resource: win7-20240419-en
Behavioral task: behavioral10; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/x86/RevoUn.exe; Resource: win10v2004-20240226-en
Behavioral task: behavioral11; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/Siticone.UI.dll; Resource: win7-20240221-en
Behavioral task: behavioral12; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/Siticone.UI.dll; Resource: win10v2004-20240508-en
Behavioral task: behavioral13; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/Spiral Woofer.exe; Resource: win7-20240220-en
Behavioral task: behavioral14; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/Spiral Woofer.exe; Resource: win10v2004-20240426-en
Behavioral task: behavioral15; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/Spiral.exe; Resource: win7-20240221-en
Behavioral task: behavioral16; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/Spiral.exe; Resource: win10v2004-20240426-en
Behavioral task: behavioral17; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/VCRUNTIME140.dll; Resource: win7-20240508-en
Behavioral task: behavioral18; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/VCRUNTIME140.dll; Resource: win10v2004-20240508-en
Behavioral task: behavioral19; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/VCRUNTIME140_1.dll; Resource: win7-20240508-en
Behavioral task: behavioral20; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/VCRUNTIME140_1.dll; Resource: win10v2004-20240426-en
Behavioral task: behavioral21; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_asyncio.dll; Resource: win7-20240221-en
Behavioral task: behavioral22; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_asyncio.dll; Resource: win10v2004-20240508-en
Behavioral task: behavioral23; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_bz2.dll; Resource: win7-20240220-en
Behavioral task: behavioral24; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_bz2.dll; Resource: win10v2004-20240508-en
Behavioral task: behavioral25; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_ctypes.dll; Resource: win7-20240221-en
Behavioral task: behavioral26; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_ctypes.dll; Resource: win10v2004-20240508-en
Behavioral task: behavioral27; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_decimal.dll; Resource: win7-20240508-en
Behavioral task: behavioral28; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_decimal.dll; Resource: win10v2004-20240226-en
Behavioral task: behavioral29; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_hashlib.dll; Resource: win7-20231129-en
Behavioral task: behavioral30; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_hashlib.dll; Resource: win10v2004-20240508-en
Behavioral task: behavioral31; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_lzma.dll; Resource: win7-20240221-en
Behavioral task: behavioral32; Sample: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_lzma.dll; Resource: win10v2004-20240508-en
Malware Config
Targets
Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/NordVPN/NordVPNSetup.exe
Size: 1.7MB
Score: 7/10
Executes dropped EXE
Loads dropped DLL

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/Revo Uninstaller Help.pdf
Size: 1.9MB
Score: 1/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/RevoUPort.exe
Size: 200KB
Score: 4/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/x64/RevoUn.exe
Size: 14.4MB
Score: 6/10
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/x86/RevoUn.exe
Size: 12.1MB
Score: 6/10
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/Siticone.UI.dll
Size: 1.3MB
Score: 1/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/Spiral Woofer.exe
Size: 7.3MB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/Spiral.exe
Size: 3.1MB
Score: 1/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/VCRUNTIME140.dll
Size: 95KB
Score: 1/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/VCRUNTIME140_1.dll
Size: 36KB
Score: 1/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_asyncio.pyd
Size: 63KB
Score: 1/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_bz2.pyd
Size: 81KB
Score: 1/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_ctypes.pyd
Size: 120KB
Score: 1/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_decimal.pyd
Size: 248KB
Score: 1/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_hashlib.pyd
Size: 63KB
Score: 1/10

Target: Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_lzma.pyd
Size: 154KB
Score: 1/10