General

  • Target: SploitXE_Release.rar
  • Size: 3.3MB
  • MD5: 205f456e3c5b13c05098c964a3f653e1
  • SHA1: f9423d7ee8bff3d1f2fe196f8d25f91e0a6ec885
  • SHA256: 347d4a35a5c99443dc26be1d36b93c308817808cc775ca15b1760243f0979d14
  • SHA512: 802668e47d283991b4dbadc86d17ba8bbdcdf453fa4147b2632f6797272746a9037e29705fa77773b13f99e4a9202e4a9ca0f851ec8ca109abba8423c016e2ec
  • SSDEEP: 98304:UEc3CcFJpNlSZfA9l0N4MRpJ7BwsE60b81jvT:ylfrgOlCRpJ7BwsEGZL

Score
10/10

Malware Config

Signatures

  • AgentTesla payload (1 IoC)
  • AgentTesla family
  • Unsigned PE (8 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • SploitXE_Release.rar
    .rar
  • SploitXE Release/Guna.UI2.dll
    .dll windows:4 windows x86 arch:x86
    MD5: dae02f32a21e03ce65412f6e56942daa
    Code Sign, Headers, Imports, Sections
  • SploitXE Release/SploitXE.exe
    .exe windows:4 windows x86 arch:x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
    Headers, Imports, Sections
  • SploitXE Release/SploitXE.exe.config
  • SploitXE Release/SploitXE.pdb
  • SploitXE Release/rbxfpsunlocker.exe
    .exe windows:6 windows x64 arch:x64
    MD5: b67b812388a1094acd5db594749b4971
    Headers, Imports, Sections
  • SploitXE Release/setup.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 099c0646ea7282d232219f8807883be0
    Code Sign, Headers, Imports, Sections
  • $PLUGINSDIR/AdvSplash.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 741b6bafe355b63a372d737b30543a95
    Headers, Imports, Exports, Sections
  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x86 arch:x86
    MD5: a648aeaa164b592c1e8892a10400b5ae
    Headers, Imports, Exports, Sections
  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 2017f2acbdaa42ab3e4adeb8b4c37e7b
    Headers, Imports, Exports, Sections
  • $SYSDIR/frapsv64.dll
    .dll windows:6 windows x64 arch:x64
    MD5: cef4b21c53f78138c51f40a3490d2038
    Headers, Imports, Exports, Sections
  • $SYSDIR/frapsvid.dll
    .dll windows:6 windows x86 arch:x86
    MD5: 8bd657e3a2aec874ff7b8761afab1713
    Headers, Imports, Exports, Sections
  • $TEMP/beepa.bmp
  • HELP/help_fps.htm
    .html
  • HELP/help_general.htm
    .html
  • HELP/help_movies.htm
    .html
  • HELP/help_screenshots.htm
    .html
  • README.HTM
    .html
  • changes.txt
  • fraps.exe
    .exe windows:5 windows x86 arch:x86
    MD5: 2eabe9054cad5152567f0699947a2c5b
    Code Sign, Headers, Imports, Sections
  • fraps32.dll
    .dll windows:6 windows x86 arch:x86
    MD5: 901cf2a321aa7eb39bd863e73e1f8add
    Code Sign, Headers, Imports, Exports, Sections
  • fraps64.dat
    .exe windows:5 windows x64 arch:x64
    MD5: ad82390a62dede519dea4dbfc7b3c581
    Code Sign, Headers, Imports, Sections
  • fraps64.dll
    .dll windows:6 windows x64 arch:x64
    MD5: 1e6a56d4f5105ead332a252c267b6f0e
    Code Sign, Headers, Imports, Exports, Sections
  • frapslcd.dll
    .dll windows:6 windows x86 arch:x86
    MD5: 95039ae47858a565b3441bc31de120b0
    Headers, Imports, Exports, Sections
  • uninstall.exe.nsis