General
Target: unbranded perm.rar
Size: 39.1MB
Sample: 240601-193c8agf7w
MD5: 8aa2e7bbc97e4ee8c3eeeebe1077ec33
SHA1: a73d0dbf12f4e5c61c672d9d97f08b35fb3a7603
SHA256: 27cc7f2310f64e3cd11c130f91ce5778f7ab6d17031b31410ad79e25fa273262
SHA512: 98b4d029abe51c1f7cfb82d62f6737e75cbbf6ceccc155889a20ca3608fd07cfb82bb994caf62178473413d6f66f28f04c23be3c58bfa464d040a6a26ba3362d
SSDEEP: 786432:fHvTu2X2VaFqmGvGYYmG7wTEg3Zkve8oPGr799beso64q:fKFQbGF9GSZWe8191esbB

| Behavioral task | Sample | Resource |
| --- | --- | --- |
| behavioral1 | unbranded perm/perm spoofer phantom/Release/Guna.UI2.dll | win7-20240508-en |
| behavioral2 | unbranded perm/perm spoofer phantom/Release/Guna.UI2.dll | win10v2004-20240426-en |
| behavioral3 | unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/EFI/Boot/bootx64.dll | win7-20231129-en |
| behavioral4 | unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/EFI/Boot/bootx64.dll | win10v2004-20240508-en |
| behavioral5 | unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/extra download/MAC Changer.bat | win7-20240221-en |
| behavioral6 | unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/extra download/MAC Changer.bat | win10v2004-20240508-en |
| behavioral7 | unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/extra download/Serial_Checker.bat | win7-20231129-en |
| behavioral8 | unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/extra download/Serial_Checker.bat | win10v2004-20240226-en |
| behavioral9 | unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/perm.dll | win7-20240508-en |
| behavioral10 | unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/perm.dll | win10v2004-20240508-en |
| behavioral11 | unbranded perm/perm spoofer phantom/Release/mac/mac.bat | win7-20240508-en |
| behavioral12 | unbranded perm/perm spoofer phantom/Release/mac/mac.bat | win10v2004-20240426-en |
| behavioral13 | unbranded perm/perm spoofer phantom/Release/unbranded perm.exe | win7-20240221-en |
| behavioral14 | unbranded perm/perm spoofer phantom/Release/unbranded perm.exe | win10v2004-20240508-en |

Malware Config
Targets
Target: unbranded perm/perm spoofer phantom/Release/Guna.UI2.dll
Size: 2.1MB
MD5: c97f23b52087cfa97985f784ea83498f
SHA1: d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89
SHA256: e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd
SHA512: ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512
SSDEEP: 49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr
Score: 1/10

Target: unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/EFI/Boot/bootx64.efi
Size: 916KB
MD5: 9da894477f2c9b82189449069dc98a59
SHA1: ab6c6842c90d4f0b63a41c6f03670840bc255571
SHA256: 50437f8f0623a076f350ae937b0054f5912a14bbf9948c9665ca6ae4b0f31e7a
SHA512: c0b7ccd6a34d760834baeceabb3b2af3a190e3595c51f351e817be47aa8b5ed254b4948c94910cf6a5ffb76b3fdc4352ac1f3e8e069ef0472a5c20b87579f774
SSDEEP: 6144:EnUAZGD8M028kOwo9x7MZt/OBAVsqD4C1Xl3UAeUdB1gilRQ8LxoV46u6gF:EUAZc8CHo9xatgUs1C1VkAH15
Score: 1/10

Target: unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/extra download/MAC Changer.bat
Size: 2KB
MD5: ec89bf670e46293de5068cda3cbeb83f
SHA1: adfc8389a237b83013770962f75c525c850c4ae4
SHA256: b48a3d73761e4ae69ff3a3c15716a2727562797f020db9c8ac0d881d3ffca66b
SHA512: 973a2a5cd6a832ab07aaf901ba311f32129228a16f0a15791041f4c973b0d7062eeab49cfa47e2351bcade0e4ef9cc5b3100cbef70445e076887860bd8ab59a7
Score: 1/10

Target: unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/extra download/Serial_Checker.bat
Size: 866B
MD5: 5784d35e5bf29823171ee1073a831b44
SHA1: eb4d2fbc9cd1183ae17ff2f46bbcc59c720a02e9
SHA256: ff5d116fabd64cbc53a5f3fb1370dac5b36dabb6227aba3730c0bc73630e0d69
SHA512: 6e277a1cdd2661be84e2616b88b692f7638e6c9105e95e02502674a68cc951a2ec0d771f9eb5c99f5924386aa45517c69591ecbaa35a603a85bf264bb0f5cf71
Score: 1/10

Target: unbranded perm/perm spoofer phantom/Release/efi/EFI_FILES_2/perm.efi
Size: 422KB
MD5: a71cffbbfdf299b4109d22dbddc7b11e
SHA1: f7c1ddcc57388274b24e94bd423a22cc8316849d
SHA256: fc6b6b5c7cd9bbf88216e43b0f886675e5aba09811d8509327c93720f431a554
SHA512: 7f92c06fa5c6b98e41474fac6f49e51c75b0685c438c5e3ee5a9b6ea7b85f7f0fa962a7cb950dbb2bbaa96698a92be07eda4e2251ebb937047c032c7b98101b6
SSDEEP: 6144:ZAFAoRKVtXlKEZ16aufhQ8fdwhPJkxG5+TD81dn:DoROXLSHfahPJk0x
Score: 1/10

Target: unbranded perm/perm spoofer phantom/Release/mac/mac.bat
Size: 2KB
MD5: 189dbc488495dbb7b4bc313bbf777116
SHA1: 476e49b7383544e7f1e5d4c080e528fd406906d1
SHA256: 6b564fd712451bab4446c4beca68635843dfbbeb38a3430b162098e9204ce40b
SHA512: ae6464807f10f4b0ca869c253b7036ae5e7f14b24e8079f8a3481816e4457e036747fdfbbfa26c9f85795f7dcb57f1e839811a327f326799bdc5b5820106c38e
Score: 1/10

Target: unbranded perm/perm spoofer phantom/Release/unbranded perm.exe
Size: 64.3MB
MD5: 71e6a52bd682117551b99ddcd839247f
SHA1: 54d63a9f8b19320f38780321fa15088b988ee6ca
SHA256: 0256d24bfc6aa189a5887470a5e680e6ec1d2699e0a16daa81476f2f38add3f3
SHA512: b0a23776776014d6b4cc171861d97c9a3132e3d1dba36c0990a97b801d274be147d77dcdca5619c088660cd1945c0b2d5b617ec52c4cd2faedde53be8a1223e8
SSDEEP: 1572864:sj/0DTTOSrkBG+LJ2zR3fHN9kBG+LJ2zR3fHN:XDfrrMrJ2zVN9MrJ2zVN
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload