General
Target: SploitXE_Release.rar
Size: 3.3MB
Sample: 240618-tqez9averr
MD5: 205f456e3c5b13c05098c964a3f653e1
SHA1: f9423d7ee8bff3d1f2fe196f8d25f91e0a6ec885
SHA256: 347d4a35a5c99443dc26be1d36b93c308817808cc775ca15b1760243f0979d14
SHA512: 802668e47d283991b4dbadc86d17ba8bbdcdf453fa4147b2632f6797272746a9037e29705fa77773b13f99e4a9202e4a9ca0f851ec8ca109abba8423c016e2ec
SSDEEP: 98304:UEc3CcFJpNlSZfA9l0N4MRpJ7BwsE60b81jvT:ylfrgOlCRpJ7BwsEGZL
Behavioral task: behavioral1
Sample: SploitXE Release/SploitXE.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: SploitXE Release/SploitXE.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: SploitXE Release/setup.exe
Resource: win7-20240220-en
Malware Config
Targets

Target: SploitXE Release/SploitXE.exe
Size: 59KB
MD5: 8f53627c43fe6a510a9fc17a7a50c348
SHA1: 813323918300c83c8878a043db0631b1d156f07a
SHA256: f8fd35f40cf45e0332813d5ac555663c6d041256120d6e0fd0300d7b677379e1
SHA512: f4e0f4e3cf8833b9caab846e16558b882905d2cf5d0f037aa15cbe818f33052236780aea4c5e84eafc61333e63decfe64c694f1536117d39001a2e39f8f58c11
SSDEEP: 768:QUNFDR8oN3NmUqVLVbXrhsPWHrdRpfO4HjCMLpPd0:lR8oN3c3O0rdRpfO4DpLdd0

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Executes dropped EXE

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Loads dropped DLL

Drops file in System32 directory
Target: SploitXE Release/setup.exe
Size: 2.4MB
MD5: d1be561690e1d91e515faf9581cf81a6
SHA1: 9fed9a02c3845ca78bd72319bbfcf5140e64a36a
SHA256: 7213f30970c9764e1e0f85f15125f9241cf2619fb4724d322b5fe6f8ee3d9da0
SHA512: 919e7bd14b65bf4fc778ce3409a92fdb5a59516cdb43d5dd3626ff2d18be9389951a289afe7453aeb6f8b9e314007c007a6f3bb7137f4fd167ce5688cebf28f5
SSDEEP: 49152:Ytavs+rX1wXzrf7XC4yY86lG8mFMRkoma4ftd0B8K4QH9SsmHFDTWU:Yn+j1wHzyb38mORkdtdCzdSsmHRTn

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Drops desktop.ini file(s)

Drops file in System32 directory