agenttesla | SpyderCrypt_crack[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

SpyderCrypt_crack.rar
Size

3.5MB
MD5

b7accb6cdbc1093b435e3f8206dbc15b
SHA1

bce9e6e702af431e5964d47313ba366164c537c3
SHA256

6d722b8af76957ac58770accbb1452c4e4638666f0a8a7b4e46987394c01696c
SHA512

ac7d486e445c6e41b5a7daecd8134b64f55ff1d20b5c92f7308932ede934836f923cff365223605663dff760c20b6037768702b3228c6f0330cc27ccdde3c260
SSDEEP

98304:Ny5gWq6x0KqqaXK1y+FwzBrzoS04PfTn7RA9:sGWq6qKO61mz10S00pA9

Score

10^/10

agenttesla

Malware Config

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
static1/unpack001/SpyderCrypt_Cleaned/Guna.UI2.dll	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SpyderCrypt_Cleaned/Guna.UI2.dll
unpack001/SpyderCrypt_Cleaned/Newtonsoft.Json.dll
unpack001/SpyderCrypt_Cleaned/SpyderCrypter.exe

Files

SpyderCrypt_crack.rar
.rar

Password: matsimka
SpyderCrypt_Cleaned/Guna.UI2.dll
.dll windows:4 windows x86 arch:x86

Password: matsimka

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpyderCrypt_Cleaned/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

Password: matsimka

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpyderCrypt_Cleaned/SpyderCrypter.exe
.exe windows:4 windows x86 arch:x86

Password: matsimka

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

NKX=X3c
Size: 772KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

NUL
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: matsimka

Password: matsimka

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: matsimka

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 675KB - Virtual size: 675KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: matsimka

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

NKX=X3c Size: 772KB - Virtual size: 772KB

.text Size: 2.5MB - Virtual size: 2.5MB

.rsrc Size: 90KB - Virtual size: 90KB

NUL Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 675KB - Virtual size: 675KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

NKX=X3c
Size: 772KB - Virtual size: 772KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rsrc
Size: 90KB - Virtual size: 90KB

NUL
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B