agenttesla | 260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5

Sharing

Copy URL

Twitter E-mail

General

Target

260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5
Size

294.8MB
Sample

240613-c63yks1gqc
MD5

67a5831b686c19fb480396f98f1079bc
SHA1

d05134893047f3e4f5293242a4e68a8ec55aa624
SHA256

260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5
SHA512

a3eb042fe14caf631c53fd459f0df6529f859f9281cba44816584ed4f56ba9e02bbdd65c5e8c1e9f35d6cc66879fa4506cdc2a2c7b82f572ca61ce54487a6476
SSDEEP

6291456:IZfdwL7u84xrkvjmqaZ/eHu/bKZ+XaYRzZo/9AZ3mNpMFUTE+7enjrsJovsu1SgB:2dQB0kjSbXGfQcq09Y

Score

10^/10

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  Virussign.2024.06.08/virussign.com_001d2d017b5a7716053d3f1486270f41.vir
- Size
  
  264KB
- MD5
  
  001d2d017b5a7716053d3f1486270f41
- SHA1
  
  134e90a630685756e64d4f9261a42b16a429bfb4
- SHA256
  
  6ded4860d0d448a3d6be053aeeb5dc5807237c626dde9e8753fb8e391a20085f
- SHA512
  
  dea76160993edc1e8b7e521a312fc8ad6b24fb13686650788ae17b573e7a6f0f56862c9368e9f18671d9efaa341cbbfcd03627f0fd8eb75c0985d6206ac9f0fe
- SSDEEP
  
  3072:V0Yi1Dv5+lRM0kkE0SrkY96A07YJqm05ieY639:VSDv5+lRM0kkE0Srk7r7AqmkYW
Score

1^/10
behavioral1 behavioral2
- Target
  
  Virussign.2024.06.08/virussign.com_00d73b2201d137dafcd073e6f90ed283.vir
- Size
  
  133KB
- MD5
  
  f4ab74d27fd8116fe2c37d8154855a9d
- SHA1
  
  f09675326f81ab0271871adad9c7c65fee0a1446
- SHA256
  
  7edda9eb5d207df8bde583a00b614c0f50cb5f72f0a3877777a2c65909a34af9
- SHA512
  
  be88b2e52e5affd34a2ada17a71858bef1ad7589390545cd2d1e291e24c9cd1c5e532aabff118abf9552d5ef889f36a2c6dd0691777422b77c6f2f210c015b6d
- SSDEEP
  
  3072:+wYAHqXZJHR8jqWHnKCsCUISQEWM+wZqwO0:+wtKXZlylt
Score

1^/10
behavioral3 behavioral4
- Target
  
  Virussign.2024.06.08/virussign.com_012d6250b2f03cc71381041c4eeeb50a.vir
- Size
  
  40KB
- MD5
  
  012d6250b2f03cc71381041c4eeeb50a
- SHA1
  
  7fb3e7e476fdcb4348f5f81cd204e3a5cbe1f9a9
- SHA256
  
  76b3e9b52bed711b27a1bd17d58ad31dd268b843a4b845cbc5a1ca88270910a1
- SHA512
  
  35939882b204e6f9d80e794506c975c0ddbf104ba66f5cb0d43bd35dda7cefd2b681b1a7c219d42b9fa8f0f53aa253b1027017b40cf91534078fe130278daa93
- SSDEEP
  
  768:Um0CAbLg++PJHJzIWD+dVdCYgck5sIZFZhfX58fX5avnSPkc:t1++PJHJXA/OsIZBX5WX5b
Score

1^/10
behavioral5 behavioral6
- Target
  
  Virussign.2024.06.08/virussign.com_0253492c47e1aae5c1906a4b099e13b9.vir
- Size
  
  103KB
- MD5
  
  0253492c47e1aae5c1906a4b099e13b9
- SHA1
  
  ff47af05a11b5b8a7da7c9ddee31cd09c02dc554
- SHA256
  
  1af9f6233863af004d0e7489a59eeb9a4f07611d45365e5761053835bbaa847e
- SHA512
  
  68791f2461f874b1d692036a15cc202e8e7402dbf9c63434dd79c422113d0da226798b3abab78a18aca3f904a4cb9f5033c1b1365fbea43153a3abcfff8aff2f
- SSDEEP
  
  1536:YA/OsIZfzc3/Q85JiRJij7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q85JiRJiDCQCa:XQSoUnyiQSok
Score

1^/10
behavioral7 behavioral8
- Target
  
  Virussign.2024.06.08/virussign.com_025c0616d26ebf93aa583d575245bf35.vir
- Size
  
  94KB
- MD5
  
  025c0616d26ebf93aa583d575245bf35
- SHA1
  
  a40e17ceb956440d8e2cfffbd5521c8c6a73ee9d
- SHA256
  
  139c0de1f2cc0f0adb2ac795cdda3aca3c2cebc9709f33bfc4723b6d7d44ae14
- SHA512
  
  58f195d6ccb7fa6d296e658d6b0b88aeade5fd3d24b33983a033eeef1db2d346c5fb618f17e54ec85e0a99b2d1849e1134cfab1e458995f06049c9501166368f
- SSDEEP
  
  1536:YA/OsIZfzc3/Q8Q8/8bo2pM7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8Q8/8boZ:XQSoskbo2pMnyiQSoskboZ
Score

1^/10
behavioral10 behavioral9
- Target
  
  Virussign.2024.06.08/virussign.com_02c31485fa69ef9d1a370034d043587d.vir
- Size
  
  1.2MB
- MD5
  
  02c31485fa69ef9d1a370034d043587d
- SHA1
  
  685239570d722c61a1f895e3a15184a427b88819
- SHA256
  
  762a8c34b753fa31c6f51059b45078453b5b7a20bb99422ff74851cf2fa92088
- SHA512
  
  b872655e70e6b7e43401f46d1e3dcc44352efc12f3aaf5be81f0c24e2c9e69626a472fe37063d1ba2b2da796d564b4d1034320c41e77e76b6ded57a3c3551aec
- SSDEEP
  
  24576:vBF672l6i2Ncb2ygupgrnACAmZ/NwFC31G3AcMxA7DX+qtrRgxNrgPoUgjQJi:r56uL3pgrCEdM/QxtgPov
Score

1^/10
behavioral11 behavioral12
- Target
  
  Virussign.2024.06.08/virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.vir
- Size
  
  1.7MB
- MD5
  
  03bf9f5a5e7769cd9cddf935454e30f1
- SHA1
  
  9848f6ac4205b5f38372fd41adc810b53e114302
- SHA256
  
  71a9a636f468ed3b08721df281d8bf5372b8db8879464f3718316a40cba5da56
- SHA512
  
  f07bba9a610ee96ce13ab585f5c70831d2af5cecdb93f64e91a40c7aa90d7cbec95ad1d4089ae2781f5479eb7750ee39b84a4d5b80e36320f29d12977094716e
- SSDEEP
  
  24576:/o5dOf9g8OlZflTja0TZaqdiXSp0c02uFG6dAk3CMq0:/qdOhODf5a0TZaqdwk0c05HGi1
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  Virussign.2024.06.08/virussign.com_03d6ebf12ae52644ac8fbc893526aaad.vir
- Size
  
  39KB
- MD5
  
  03d6ebf12ae52644ac8fbc893526aaad
- SHA1
  
  94e5931b3e6f08540ea1444d4ca32c04dfc3d718
- SHA256
  
  129c51be985345ab11d83350eaae7f3001ea0562db91fd02fd2d9cbcbf864e4c
- SHA512
  
  a550c48654537eb983355198e9ea9eb0644829beafa55c06c0b448ac66ae60bfe3a346f0957080c350920d1b31761de829c4a9a10a0ae78ac8c9610c81efa40d
- SSDEEP
  
  384:8Cr3uc+P9FYVLMME5fbZI2gtTvHEwPhtvNudiBuD2159aqhA:l+PYVLxE5fbj2zthlNxBuDvq
Score

1^/10
behavioral15 behavioral16
- Target
  
  Virussign.2024.06.08/virussign.com_0437640434489c178ddce32f6bc8bd9c.vir
- Size
  
  58KB
- MD5
  
  0437640434489c178ddce32f6bc8bd9c
- SHA1
  
  37f726985385a715f21e34ee7e27c14112d8dda9
- SHA256
  
  fe083f6ffd8ae61efba45099b0e55a356c24cfca83738b13ea73ecd76622e995
- SHA512
  
  58dafac6161446f6b644a247f5a344ff657211d60667627a2c21f78bc4942d14543b97220456ea7b6fe8e47624d046c2b8e8168a19bcd77408fb171e0b718817
- SSDEEP
  
  768:KDfbpEmkB9PyuUbUTUDa4yATSby7ozW4rkrIvTTmdGT55DIHMd6vdQG3gCb/VQPC:KDDpVGqaZkrQT2MEqGwmK
Score

1^/10
behavioral17 behavioral18
- Target
  
  Virussign.2024.06.08/virussign.com_044454717ce16bdfddd7dfedfc4fa455.vir
- Size
  
  5.2MB
- MD5
  
  044454717ce16bdfddd7dfedfc4fa455
- SHA1
  
  2beb7f9914dfa214bbd2d6e69af0c154c13994a6
- SHA256
  
  55c3507d0db1a9dde5ee48796d7e0bdc7f3681f62aa8efff98e97b7ff9c1afdd
- SHA512
  
  8d55da3d0d1f85f674bdd9eeb4c05af4a45cfa25b83d513582bd7eb7cde0125109cde73e5b96c486d9ab09c845c45da07ef1b2158fd8dd1409da8e6d62174f5a
- SSDEEP
  
  49152:exxCp6fPKUYwWBNRaujWa6K2wxIO5B3CJr/FkjpdCnD5il0xbNbDevV05JDVEGmM:StfymWlMM3CtIIn40xbNbDIGJxUQ7
Score

8^/10

discovery
- Drops file in Drivers directory
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral19 behavioral20
- Target
  
  Virussign.2024.06.08/virussign.com_0622fa4ddac7802def045e83a4ccb8c5.vir
- Size
  
  2.7MB
- MD5
  
  0622fa4ddac7802def045e83a4ccb8c5
- SHA1
  
  2ad1bdf90f3c0cb18e58ce4f3d2097cb4bfb7087
- SHA256
  
  59c2e46de1906223af4c6800304d9c325c6b23dfc75c15ac436b16cabc807bd9
- SHA512
  
  233bde8b2fd64ffa9e529a90e772f651313c93ed24c78f25870a5d8a215093e12adf03c183dbf938c492faa8274b5c2b6c35676a0cb66b171080ed8af8364706
- SSDEEP
  
  49152:KqZQ0QKjXrK7DbGmzOL0hs3/9VwAH8C4gVRSO8qNmK7+r06tbdjM2sYS02VzrO:KqZQCG7nHq0sV5H8C4gVRSNqN17+r/tj
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/NSIS_Picasa_Unicode.dll
- Size
  
  116KB
- MD5
  
  aa1a7ecd9cefb7639592648991adf8ff
- SHA1
  
  6f2bfc5008dc754db849af068fb9008ede3abe3d
- SHA256
  
  0b87401371a5547e79fdc3bdb75f65afc275b6eda057276267d80caa81c5081a
- SHA512
  
  c070abffeda7ad1add4623f07e5176712f1ef51827af532765dfe93144fd517c19542a0d3dc7c980d47a4011dd295509eb6f7d009f04f7c9616f2df2ee6ae3e8
- SSDEEP
  
  1536:ItIObacRovDoa5RigM/srzPBSJY4Mz5I360wLxL8gP9xtBeIw9Pntb8P6oHj:ItVxSR5o9Kzn0mAkxtMIw9vtbI6C
Score

3^/10
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  301a9c8739ed3ed955a1bdc472d26f32
- SHA1
  
  a830ab9ae6e8d046b7ab2611bea7a0a681f29a43
- SHA256
  
  6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92
- SHA512
  
  41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094
- SSDEEP
  
  192:hCPej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yAG:hCQ2HgN4GbeWmbI4Eybogia7yA
Score

3^/10
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  b0165587c54350b6c9910e765f16ad9e
- SHA1
  
  fd81de9f3b1dd8d6cfa8621fddf9f93c29b4710f
- SHA256
  
  26006c739057373f948b11892f40b0cc686c6c97c448f79447856421f9a15563
- SHA512
  
  2f69354fd433eec277a804124f5c476fd645270b89af3db22ed45b599cdf251cfccdc3c642b8893078748a0a674676ea28c5fe5b471a633de7301c6a6646295b
- SSDEEP
  
  192:bzQhZDqlJcKISw99ioU3MSfwLF/+nhHUOFsdz:bzoZDGKYw9goWyFGBUVz
Score

3^/10
behavioral27 behavioral28
- Target
  
  $SYSDIR/GPhotos.scr
- Size
  
  4.4MB
- MD5
  
  d27fa7516848de6820d9bb95be7a4e36
- SHA1
  
  f87eba07d880a1fb3e87391655153790542e2d4b
- SHA256
  
  7966d8f3db6b6fa46ab53e3ee9ae0d11bcbf18049a1df06f1289b31ee6db4299
- SHA512
  
  603c570d26a0ac000f72dfc905483af623048a2aeea0396827c77dd627416466e88446f3cee59bae259317fcb8eb4072ca208a720bcd732db7cf7968b8f244a4
- SSDEEP
  
  98304:saW9lnNyMKJ2BWMXt/34smaZmaRME9iv:swM9PJmaZma
Score

1^/10
behavioral29 behavioral30
- Target
  
  $TEMP/PicasaInstaller/spmsg.dll
- Size
  
  14KB
- MD5
  
  066f7fcca265d01a5b7eaf41ade789b1
- SHA1
  
  dcfd5d499c71f83d4a3b7026728ad79eeab13f89
- SHA256
  
  93bb82eb2786708add9f1538283658ee949aa79e658196f0386ad88fb61320b1
- SHA512
  
  7fa09d093df7bb95f52badc463123cef848dbc26e8da2a3e014289a41ecf273b546182210e70f42c408f84d673f8811c74e142f9c60978a20f89f6b1d6d9acaf
- SSDEEP
  
  192:4W0boplW7QdvzVL/CldolMGoVOu39DKmHj78iCYsB:4W087W7QdvzVLCcM4aeWHCbB
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Drops file in Drivers directory

Executes dropped EXE

Checks installed software on the system

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32