General

  • Target

    Spiral.zip

  • Size

    38.2MB

  • Sample

    240529-tst7yscb86

  • MD5

    34bde5054c136520e9597267a852cb13

  • SHA1

    bc534d53ec20a994545b83471c682927ca459ec9

  • SHA256

    5f3b839aa14668c3b36d3ad53a51e5b9b77ba57259e323bc549e66fa0f6ddf88

  • SHA512

    70618d79f7b127d883d538af7c6cf0712c43283c866fbf16249a45dcd150b4b282629061ef4255969fd05d17d072443ce27c8fb103ca4b53edb6c5422c9529af

  • SSDEEP

    786432:SeWKdVjY65sMiekFBDUvkSWNTyEqYMW9dluZxX/RQFegW7vDRWBV4Yq6:TJdVd5snzFBDU8SXiMeljdOLRWj476

Targets

    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/NordVPN/NordVPNSetup.exe

    • Size

      1.7MB

    • MD5

      5d6f0577264346d7c28f1853871d89b7

    • SHA1

      a606fa6e79ed5ca473eed30cc8483901ca67fae1

    • SHA256

      391b613c8db8f21fe6545d6448adb188dd2b54749f31e7cd7abefb6e61f388d2

    • SHA512

      9d43f0ef1ed41ac338a157dbcc74e5ebdb00ff83935aeb96095af9fe780a2217ae6362e6577b51780baffcaa50e2ee8f0c92345a473a199da5897411d3f72159

    • SSDEEP

      24576:x7FUDowAyrTVE3U5FZvOcAqJys9vvys3gEhyel1XXkJ2k89zCA8:xBuZrEU1OMJys9HLRy3J2k8ob

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/Revo Uninstaller Help.pdf

    • Size

      1.9MB

    • MD5

      3302bc2fe6921c87e4a647851eccaade

    • SHA1

      4bab845a05f5cf54603f70b06aec7bfcb6a073a7

    • SHA256

      0e52207e8c1422aa51c6e94b1b6874d394a87f7ff3838f2e7711de278cc2a3f0

    • SHA512

      cf8635edaa23f2f06660613f87d30f476791ef065bcdbbbbcbfbd3ff35c2ef6c6900a820f9719638902bf520b9d5480869d21995ed4fd0cef89b20c020436017

    • SSDEEP

      49152:Mh1JSdd792yHssZsyWGf7L+JUpiTyDzPzuBj3N:Mh1JSdV92UskblK+piTybuBj9

    Score
    1/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/RevoUPort.exe

    • Size

      200KB

    • MD5

      2f814a927d097a09911111dbf0fc2e93

    • SHA1

      8e4e953c60653a333182320345209765695d4e17

    • SHA256

      ef70640d701bf406f7008c9ef7dc594019c063e4436415c97033f0a998697edf

    • SHA512

      d57fa5fdd2ce0ed148e43814420103e0e340862d6a9c35714ede6fa059dad0b63963b790824cbc126535b97c23f2fd560eb0891050fc0f3996a30c7ee8e99619

    • SSDEEP

      3072:0kLnAdeRbvAZpoKIIn9xg//XHTfq2M0W30L/OHQ4HFs3qMGrfv8Th:3LAoYZCIn9SzsFwWqh

    Score
    4/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/x64/RevoUn.exe

    • Size

      14.4MB

    • MD5

      740c47eaa20beeaf8b7121a17c39af99

    • SHA1

      bafa4a04765850a0c16430c01a32497e62f11e9d

    • SHA256

      a48b7b68c4865cf192e5800ea1fba0588a6ae2abccfab73450c38c3e410b31d0

    • SHA512

      004cc63fedc4c2233f3dd7296d4fa757c33428b4b1c4dabde1d5256eb887d2afa069323e24faaa2806b4f0335cfa7405a0fb523321220fb7e4912b05150d7252

    • SSDEEP

      196608:yLnucGdLdWIPrN2Ap6yi9crjE+pWwPWpGplR806IIIIIIIIIIIIIIIIIIIIIIIIq:wDGdLdWIPrN2yi9c3ppNPWpGplR8ZWz

    Score
    6/10
    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/RevoUninstaller/x86/RevoUn.exe

    • Size

      12.1MB

    • MD5

      bc5307a2b996f8994c4c93983a81fb05

    • SHA1

      2df1b09e0d4cf2cffd66b61fc7014c29219b393b

    • SHA256

      787a813efcdbfac68d0df2392beb1cde23b15958ea569a6506d64dec70709501

    • SHA512

      a4bd1a6271401acd82d973eb04f67e941de85c50d1b04607f89029a92555b52390d118090f7e5ff125e4eb3931f37995f67c6adc6927f8df19fb0ee9360780ca

    • SSDEEP

      196608:ndKABE/NdoCTHwPWpGplR806IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIA8Z:UoPWpGplR8ZW

    Score
    6/10
    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/Siticone.UI.dll

    • Size

      1.3MB

    • MD5

      2474124f9a70301411e5a42caa0225f6

    • SHA1

      23c561479001148931601b14889d0c10c1420e85

    • SHA256

      283346e95883d2c51743b725ecd41f2afd97adbbf86ec9d9735072505d5726b4

    • SHA512

      a4c798779674fefde60b87cb7b57f1b7b723649189ce7f89e6993b1ee84e84c18eb5f97fce4a531fe8f361fa4ecda79e482f57f695b968e9543345cc40e321ff

    • SSDEEP

      24576:RVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8g:H8NlaVeuHF

    Score
    1/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Spoofer/Spiral Woofer.exe

    • Size

      7.3MB

    • MD5

      32c861b9124d7ea41209bd9a9fd353f3

    • SHA1

      ff0e9b0b08f96b8f7a239e36b4987ed0389c53d3

    • SHA256

      d6904fb766598acbf710f5fa594a135815697d53f6564057dbf34d7d385c46e5

    • SHA512

      bbc276a5cdbcfc22b138da9b0c848ff88a76a033e5699bdd461b55d4d8e23f995ff6eac2e78b653aad86ded329bf3707f642030a8efc0222ef93b8d037a13330

    • SSDEEP

      196608:SD2olsqpQRfDbkz64Nu1fccjBHYbKYODdk:NrUwWKB9vd

    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/Spiral.exe

    • Size

      3.1MB

    • MD5

      d103c7a9c24a2397afeda10ecf29ee64

    • SHA1

      a15b3cfff8d8425046f1cb6ccc8dfb0bc2d08898

    • SHA256

      06a3a7ba306189e1a3f5fa9dd15dd6e0c29b2ddb4c29e6e179dc018e8ed3ed39

    • SHA512

      9ced4ae9830e5a9c8907bb83d26ccc8715565d2923e6f0b2faf829097da2f8438ced09da23b2b4ef40e489105e4cac0d2dc42e2f71a11fcf801e166421bcb0a0

    • SSDEEP

      98304:KsLQwQ4GW7Onv/97A8N1bVgFVuqClvESg:Ks8PW6/97A8N1B69S

    Score
    1/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/VCRUNTIME140.dll

    • Size

      95KB

    • MD5

      f34eb034aa4a9735218686590cba2e8b

    • SHA1

      2bc20acdcb201676b77a66fa7ec6b53fa2644713

    • SHA256

      9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

    • SHA512

      d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

    • SSDEEP

      1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U

    Score
    1/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/VCRUNTIME140_1.dll

    • Size

      36KB

    • MD5

      135359d350f72ad4bf716b764d39e749

    • SHA1

      2e59d9bbcce356f0fece56c9c4917a5cacec63d7

    • SHA256

      34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

    • SHA512

      cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

    • SSDEEP

      384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl

    Score
    1/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_asyncio.pyd

    • Size

      63KB

    • MD5

      33d0b6de555ddbbbd5ca229bfa91c329

    • SHA1

      03034826675ac93267ce0bf0eaec9c8499e3fe17

    • SHA256

      a9a99a2b847e46c0efce7fcfefd27f4bce58baf9207277c17bffd09ef4d274e5

    • SHA512

      dbbd1ddfa445e22a0170a628387fcf3cb95e6f8b09465d76595555c4a67da4274974ba7b348c4c81fe71c68d735c13aacb8063d3a964a8a0556fb000d68686b7

    • SSDEEP

      1536:owmuopcJpmVwR40axzEfRILOnMv7SySmPxe:owmu4/mR40axzEfRILOnw3xe

    Score
    1/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_bz2.pyd

    • Size

      81KB

    • MD5

      86d1b2a9070cd7d52124126a357ff067

    • SHA1

      18e30446fe51ced706f62c3544a8c8fdc08de503

    • SHA256

      62173a8fadd4bf4dd71ab89ea718754aa31620244372f0c5bbbae102e641a60e

    • SHA512

      7db4b7e0c518a02ae901f4b24e3860122acc67e38e73f98f993fe99eb20bb3aa539db1ed40e63d6021861b54f34a5f5a364907ffd7da182adea68bbdd5c2b535

    • SSDEEP

      1536:hXOz78ZqjUyAsIi7W/5+D8W35mjZm35ILCVM7SyfYPxe:pOzwpyAFi7WMgW34jZm35ILCVMZoxe

    Score
    1/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_ctypes.pyd

    • Size

      120KB

    • MD5

      1635a0c5a72df5ae64072cbb0065aebe

    • SHA1

      c975865208b3369e71e3464bbcc87b65718b2b1f

    • SHA256

      1ea3dd3df393fa9b27bf6595be4ac859064cd8ef9908a12378a6021bba1cb177

    • SHA512

      6e34346ea8a0aacc29ccd480035da66e280830a7f3d220fd2f12d4cfa3e1c03955d58c0b95c2674aea698a36a1b674325d3588483505874c2ce018135320ff99

    • SSDEEP

      3072:0OEESRiaiH6lU1vxqfrId0sx3gVILLPykxA:hj+I1vAfrIRx3gN

    Score
    1/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_decimal.pyd

    • Size

      248KB

    • MD5

      20c77203ddf9ff2ff96d6d11dea2edcf

    • SHA1

      0d660b8d1161e72c993c6e2ab0292a409f6379a5

    • SHA256

      9aac010a424c757c434c460c3c0a6515d7720966ab64bad667539282a17b4133

    • SHA512

      2b24346ece2cbd1e9472a0e70768a8b4a5d2c12b3d83934f22ebdc9392d9023dcb44d2322ada9edbe2eb0e2c01b5742d2a83fa57ca23054080909ec6eb7cf3ca

    • SSDEEP

      6144:3LT2sto29vTlN5cdIKdo4/3VaV8FlBa9qWMa3pLW1A/T8O51j4iab9M:H2s/9vTlPcdk4vVtFU98iIu

    Score
    1/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_hashlib.pyd

    • Size

      63KB

    • MD5

      d4674750c732f0db4c4dd6a83a9124fe

    • SHA1

      fd8d76817abc847bb8359a7c268acada9d26bfd5

    • SHA256

      caa4d2f8795e9a55e128409cc016e2cc5c694cb026d7058fc561e4dd131ed1c9

    • SHA512

      97d57cfb80dd9dd822f2f30f836e13a52f771ee8485bc0fd29236882970f6bfbdfaac3f2e333bba5c25c20255e8c0f5ad82d8bc8a6b6e2f7a07ea94a9149c81e

    • SSDEEP

      1536:/smKJPganCspF1dqZAC2QjP2RILOIld7SyEPxDF:/smKpgNoF1dqZDnjP2RILOIv2xB

    Score
    1/10
    • Target

      Spiral Triggerbot/Spiral Release/Spiral/Spiral Triggerbot/_internal/_lzma.pyd

    • Size

      154KB

    • MD5

      7447efd8d71e8a1929be0fac722b42dc

    • SHA1

      6080c1b84c2dcbf03dcc2d95306615ff5fce49a6

    • SHA256

      60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be

    • SHA512

      c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de

    • SSDEEP

      3072:j0k3SXjD9aWpAn3rb7SbuDlvNgS4fWqEznfo9mNoFTSlXZ8Ax5ILZ1GIxq:j0kiXjD9v8X7Euk4wYOFTafxn

    Score
    1/10

Tasks

static1

pdf link pyinstaller
Score
4/10

behavioral1

Score
1/10

behavioral2

Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
4/10

behavioral6

Score
1/10

behavioral7

discovery
Score
6/10

behavioral8

discovery
Score
6/10

behavioral9

discovery
Score
6/10

behavioral10

discovery
Score
6/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

agenttesla keylogger spyware stealer trojan
Score
10/10

behavioral14

agenttesla keylogger spyware stealer trojan
Score
10/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10