General
- Target: VELOCITY SPOOFER.rar
- Size: 42.8MB
- Sample: 240616-f138yavfkm
- MD5: ef475c4a6399a55b1a2ff5c076d4d24b
- SHA1: 938c8bb1257d444acb4882ea631e0538acced9d3
- SHA256: 8d2410c9bfb3a1f474b1788b1ceef5e08e46492d2f1ced167ac15ce9612cc66c
- SHA512: 038c49b828a95b4e732e8bab27b60232fecc9d0451def2866335bb99e86dbba1b39ef6f28f9395f1d7927b30bf3ff0e58c985368e4d37821673643b595f941d8
- SSDEEP: 786432:uPJONfCPXexFGlfFV+Tlwvgf+XcHEXFo/WEuOKWH4oJTct1KzxESyRdl:uPJsfCv8YfFUaYf+MWYWMxQ5dl
Behavioral task: behavioral1
- Sample: VELOCITY SPOOFER/Install These/VC_redist.x64.exe
- Resource: win11-20240611-en

Behavioral task: behavioral2
- Sample: VELOCITY SPOOFER/Install These/dxwebsetup.exe
- Resource: win11-20240508-en

Behavioral task: behavioral3
- Sample: VELOCITY SPOOFER/Install These/net472.exe
- Resource: win11-20240611-en

Behavioral task: behavioral4
- Sample: VELOCITY SPOOFER/Serial Checker/Checker.bat
- Resource: win11-20240611-en

Behavioral task: behavioral5
- Sample: VELOCITY SPOOFER/VELOCITY SPOOFER/Guna.UI2.dll
- Resource: win11-20240508-en
Malware Config

Targets

Target: VELOCITY SPOOFER/Install These/VC_redist.x64.exe
- Size: 24.2MB
- MD5: 1d545507009cc4ec7409c1bc6e93b17b
- SHA1: 84c61fadf8cd38016fb7632969b3ace9e54b763a
- SHA256: 3642e3f95d50cc193e4b5a0b0ffbf7fe2c08801517758b4c8aeb7105a091208a
- SHA512: 5935b69f5138ac3fbc33813c74da853269ba079f910936aefa95e230c6092b92f6225bffb594e5dd35ff29bf260e4b35f91adede90fdf5f062030d8666fd0104
- SSDEEP: 786432:tSp+Ty2SfUfnbDDko5dFMYqlQbgAVLSElbmucMuZZxs6Sf:4p+Ty2SfWnHDk8FjVbfzPTq4
- Score: 4/10
Target: VELOCITY SPOOFER/Install These/dxwebsetup.exe
- Size: 288KB
- MD5: 2cbd6ad183914a0c554f0739069e77d7
- SHA1: 7bf35f2afca666078db35ca95130beb2e3782212
- SHA256: 2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f
- SHA512: ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10
- SSDEEP: 6144:kWK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQV:VcvgLARDI1KIOzO0
- Score: 7/10
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
Target: VELOCITY SPOOFER/Install These/net472.exe
- Size: 1.3MB
- MD5: 69c7a6fbd55e62f6248ef3dd15e0a4b8
- SHA1: 8db77fae5d96bcf400e011693867e4967d6efa7e
- SHA256: 8880ec74a4a5758a0dd7a49fdb8d0c55e7518de92eb1cc384c2e90e7f4d14cc4
- SHA512: fe5a16bbc234334947136e7eb062c1483a7393b9e8a64f06011b17cc5a3f3c611086d0b15e51f7a34223671188625e885d407aa1453554bd07508acbeeabaa09
- SSDEEP: 24576:0GHL3siy9XlrSmtLvUDSRbm4Jah1rVxbMA4/9PcmkBQHLeEJJXeQ80+gIn+Ae:JL3s7V+eTUDBzrVxbMfUmkNEjXeu+3Q
- Score: 7/10
  - Executes dropped EXE
  - Loads dropped DLL
Target: VELOCITY SPOOFER/Serial Checker/Checker.bat
- Size: 454B
- MD5: aa8220e80fb4dfd7ea8f391672218a93
- SHA1: 6822bec95792d69c0cc94b5b62eb7cb9e30ae67c
- SHA256: b9ec143a28f17dbcc9a1ac14c029850fdccefa74cdf2e687186bae9c84bb1c44
- SHA512: b96d0170ee25cd8cf060a7c830a4a8a230af0b69bf7110713bd9160e2cb24c31cb44c0df8f0cc779bedcc5dfb57af857b9ae0e22cc9698b46d8ca930a81fcb95
- Score: 1/10
Target: VELOCITY SPOOFER/VELOCITY SPOOFER/Guna.UI2.dll
- Size: 2.1MB
- MD5: c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1: 73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256: 9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512: b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP: 49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
- Score: 1/10
Target: VELOCITY SPOOFER/VELOCITY SPOOFER/VELOCITYSPOOFER V3.0.3 .exe
- Size: 18.6MB
- MD5: 5b0959331736bb00f64fcc7c6a779e70
- SHA1: 0e025d6575cc2cc43ed20ebd76bb16e856e3dd1f
- SHA256: 3b8bcb947f70781010d77610ed7f7c6087668c96dc6daa6e7264910a30aef0b7
- SHA512: 50ec7371b2f13e07cca0a7040f41391dd9502257c1cc6c0c57202d5ec46c9236c8727cbb699eeac0c05a09f43b0653ce4d51008ccf36f623962363c05c5b485a
- SSDEEP: 393216:wRtFiEWIqtfGuraddLCQB4v6s//S7Yxk+jR4SK:wRtFiEmeuraLCQnSaszml
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger