General

  • Target

    Velocity 713.zip

  • Size

    20.0MB

  • Sample

    240721-tt68xaxdjk

  • MD5

    90e7b2ac6fecafcb4c2e840a4eb9b1db

  • SHA1

    fba35164629b2e18e2ff4d64d5302dd8066fa4bf

  • SHA256

    070d3500ad3658d8c87947769e825213af3af9056bc6cf382f886e7a2f0b2fe9

  • SHA512

    d99388c38779d88bcd6df4c9d16a2cd45538d12911a2ab6416368c4578137fe7e42b56e87bdf61dfd9a5f0eed31cc3ff0bdbae3600db65933cf053027c4b8ef7

  • SSDEEP

    393216:X2R2+QHNdYCUtXL1X/bA9Au9qudam9bJM7eARNKM24aEWTymt9aD76Yx5:yvQtd6p9jYADudamo3JaEWb876C5

Malware Config

Targets

    • Target

      Velocity 713/Guna.UI2.dll

    • Size

      2.1MB

    • MD5

      c97f23b52087cfa97985f784ea83498f

    • SHA1

      d364618bec9cd6f8f5d4c24d3cc0f4c1a8e06b89

    • SHA256

      e658e8a5616245dbe655e194b59f1bb704aaeafbd0925d6eebbe70555a638cdd

    • SHA512

      ecfa83596f99afde9758d1142ff8b510a090cba6f42ba6fda8ca5e0520b658943ad85829a07bf17411e26e58432b74f05356f7eaeb3949a8834faa5de1a4f512

    • SSDEEP

      49152:cvrqKk8q2gqi2OXCt6kuSw9g8PTNTN/23uxjPHEiCAjFcm:cvrqZr

    • Score

      1/10

    • Target

      Velocity 713/Velocity Spoofer.exe

    • Size

      19.6MB

    • MD5

      0043cb93d8ff5d31698fc8682905ed21

    • SHA1

      91579a84f56c6850e9e996508f86cccccbca6744

    • SHA256

      e1b9f69a162f2d05059269bc8da64c6f1d1f799e8da5010545b2f490f6a370b4

    • SHA512

      d61683d0d72403e6d88b8e678c2b3834790611a587a4b7f043d0ddec9619c03aa9293afd16f71a442133ccb793fa0fe5975066a1f0817d19b835683b472a9471

    • SSDEEP

      393216:u4qMf3RuoaX5L7nFv2TGIlkeBqkRbfxL9tMtbmE/WUnwbZSDU:uPMvRU1rl+GxeBqkltMtV/WUnwbZ

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic.

    • AgentTesla payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

      UAC status is typically read from the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops debug events from that thread reaching an attached debugger; this is a common anti-debugging technique.
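The behavioural signatures listed above (VirtualBox ACPI keys, BIOS registry reads, the UAC check and ThreadHideFromDebugger) can be reproduced from a sandbox's recorded registry and API events. The following is an added example, not part of the sandbox report and not the sandbox's own rule engine: the event format (a list of dicts with a "type" of "registry_read" or "api_call"), the sample events and the rule names are constructed for illustration; the registry paths and the 0x11 information class are the real locations these checks use.

```python
"""Flag anti-VM / anti-debug behaviour from a list of recorded sandbox events.

Added example, not the sandbox's own signature engine. Event schema is an
assumption for this example:
  {"type": "registry_read", "key": "...", "name": "...", "data": ...}
  {"type": "api_call", "api": "...", "args": {...}}
"""
import re

# Signature names mirror the report's wording so hits map back to it.
SIG_VBOX_ACPI = "Identifies VirtualBox via ACPI registry values"
SIG_BIOS_READ = "Checks BIOS information in registry"
SIG_UAC_CHECK = "Checks whether UAC is enabled"
SIG_HIDE_FROM_DEBUGGER = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# VirtualBox guests expose ACPI tables under HKLM\HARDWARE\ACPI\<table>\VBOX__.
ACPI_VBOX_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
# Firmware strings live under HKLM\HARDWARE\DESCRIPTION\System and ...\System\BIOS.
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I)
BIOS_VALUE_NAMES = {
    "systembiosversion", "videobiosversion", "systemmanufacturer",
    "systemproductname", "biosvendor", "biosversion",
}
# UAC is enabled when EnableLUA under this policy key is 1.
UAC_KEY_RE = re.compile(r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", re.I)
# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11


def analyze(events):
    """Return the set of signature names triggered by the given events."""
    hits = set()
    for ev in events:
        if ev.get("type") == "registry_read":
            key = ev.get("key", "")
            name = ev.get("name", "")
            if ACPI_VBOX_RE.search(key):
                hits.add(SIG_VBOX_ACPI)
            if BIOS_KEY_RE.search(key) and name.lower() in BIOS_VALUE_NAMES:
                hits.add(SIG_BIOS_READ)
            if UAC_KEY_RE.search(key) and name.lower() == "enablelua":
                hits.add(SIG_UAC_CHECK)
        elif ev.get("type") == "api_call":
            args = ev.get("args", {})
            if (ev.get("api") == "NtSetInformationThread"
                    and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
                hits.add(SIG_HIDE_FROM_DEBUGGER)
    return hits


# Constructed sample trace (not a real sandbox log); shows one event per rule
# plus two benign events that must not trigger anything.
SAMPLE_EVENTS = [
    {"type": "registry_read", "key": "HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__"},
    {"type": "registry_read", "key": "HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS",
     "name": "SystemManufacturer", "data": "innotek GmbH"},
    {"type": "registry_read",
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
     "name": "EnableLUA", "data": 1},
    {"type": "api_call", "api": "NtSetInformationThread",
     "args": {"ThreadHandle": "0xfffffffe", "ThreadInformationClass": 0x11}},
    # Benign: a Run-key read and a thread-priority change.
    {"type": "registry_read", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "name": "OneDrive"},
    {"type": "api_call", "api": "NtSetInformationThread",
     "args": {"ThreadHandle": "0x1a4", "ThreadInformationClass": 0x2}},
]

if __name__ == "__main__":
    for sig in sorted(analyze(SAMPLE_EVENTS)):
        print(sig)
```

Rules key on the registry path and value name rather than on the data returned, because the sample triggers the check whether or not it is actually running under VirtualBox; a detection that only fires on "innotek GmbH" in the data would miss the behaviour on bare metal.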

MITRE ATT&CK Enterprise v15

Tasks