agenttesla | 3d445f2b4e5ec21b7ea9fd54f8816c60002fbe5c6fde029771ec6caedf1db2de | Triage

Sharing

General

Target

Vyron Spoofer.zip
Size

98.4MB
Sample

240912-eea5lazejh
MD5

31074001a4d05b00a2579cc1d95ff782
SHA1

b63ed530c6d04f85d770aa6caf33a2aa86898f98
SHA256

3d445f2b4e5ec21b7ea9fd54f8816c60002fbe5c6fde029771ec6caedf1db2de
SHA512

5c7ed380c806e590b28d4ca54287ae02c9c47baf48240eb4bd71d1c1588c34072d34ed7db38c2623eca9dbee446749258fd8cabd644dce6890ff1839276f23a1
SSDEEP

1572864:IVqVHwsFtFk1oeiXzv/hDG9E0qZf7YTfns6/icXOfNbYKxMJwEn6t8qXllRa:vHwEkWjDG9EBf7YTv8cXOlbj6wEnZCTa

Score

10^/10

agenttesla discovery

Malware Config

Targets

- Target
  
  Vyron Spoofer.zip
- Size
  
  98.4MB
- MD5
  
  31074001a4d05b00a2579cc1d95ff782
- SHA1
  
  b63ed530c6d04f85d770aa6caf33a2aa86898f98
- SHA256
  
  3d445f2b4e5ec21b7ea9fd54f8816c60002fbe5c6fde029771ec6caedf1db2de
- SHA512
  
  5c7ed380c806e590b28d4ca54287ae02c9c47baf48240eb4bd71d1c1588c34072d34ed7db38c2623eca9dbee446749258fd8cabd644dce6890ff1839276f23a1
- SSDEEP
  
  1572864:IVqVHwsFtFk1oeiXzv/hDG9E0qZf7YTfns6/icXOfNbYKxMJwEn6t8qXllRa:vHwEkWjDG9EBf7YTv8cXOlbj6wEnZCTa
Score

1^/10
behavioral1 behavioral2
- Target
  
  Vyron Spoofer/Gift/Mechvibes.Setup.2.3.4.exe
- Size
  
  61.8MB
- MD5
  
  2441bd745cfb0cbd39c806a475cc9bff
- SHA1
  
  6e8c59aee5c3d072b6d42a67346604b5dcd532cb
- SHA256
  
  8b1158f6552a30da70aff106d4ab129e08980175e440c5945bb290edbb8a222e
- SHA512
  
  fce3deb09acbe8cd5e650700fdeef2edafe2ba37167a0b2ea1ff33f266c9f69d9a56856ba4868a025b3d5bf9893a50ad0bccb97d8c226798e3c9ef39e8b714dc
- SSDEEP
  
  1572864:y7b4n3FTTZ4bqlAKjv2/btReXUq4ndx+55D+UNdR:yO3F/NCJReXUHdx+5xpR
Score

7^/10

discovery
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  238KB
- MD5
  
  38caa11a462b16538e0a3daeb2fc0eaf
- SHA1
  
  c22a190b83f4b6dc0d6a44b98eac1a89a78de55c
- SHA256
  
  ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a
- SHA512
  
  777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1
- SSDEEP
  
  3072:hD2ekNFXiQraqoDDfbrH6ZgxkzStPpwGxqeujXj5Bif/Pa0L:hD2vhaqoDfb6mxk2LqHXj3if/Pa
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  75ed96254fbf894e42058062b4b4f0d1
- SHA1
  
  996503f1383b49021eb3427bc28d13b5bbd11977
- SHA256
  
  a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
- SHA512
  
  58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
- SSDEEP
  
  192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  61.2MB
- MD5
  
  6c65a42387b202082ab2b32d2118630c
- SHA1
  
  48a8d1cd3db2d60c0843105c6bc19d61ab99b43c
- SHA256
  
  541ebb0d3d3771a2db433df20301bb8dc471167ebb3fcfb758cd6d93b191dc66
- SHA512
  
  4740a9ead446624874501ded4e39a59a1e8b403744f1d4e62ac4cc7d0b606faaee6f97d2ec86bd59293462a0ef480e1454f49106f72448971f9b8419a022166f
- SSDEEP
  
  1572864:zb4n3FTTZ4bqlAKjv2/btReXUq4ndx+55D+UNdr:m3F/NCJReXUHdx+5xpr
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  150KB
- MD5
  
  52ff52eee3b944b862c11c268a02c196
- SHA1
  
  8d041966e6fba10aa5e10ce5dc1dc5175f11b2fe
- SHA256
  
  2079f7a3eba60e0d9ee827a7208aa052a71b384873b641de5e299aeb8e733109
- SHA512
  
  2861ae5a06f8413810947c08994f4c0da54a1acee8c4df72cd8b03a9503b26e5512809f8d70fd584239b04a651e7329a701bf7ddcee2dec2c2e14d05ae74f220
- SSDEEP
  
  48:EWQsvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvW:ER4N4S/992/zDmrkVIe1ULo2K
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ca95c9da8cef7062813b989ab9486201
- SHA1
  
  c555af25df3de51aa18d487d47408d5245dba2d1
- SHA256
  
  feb6364375d0ab081e9cdf11271c40cb966af295c600903383b0730f0821c0be
- SHA512
  
  a30d94910204d1419c803dc12d90a9d22f63117e4709b1a131d8c4d5ead7e4121150e2c8b004a546b33c40c294df0a74567013001f55f37147d86bb847d7bbc9
- SSDEEP
  
  192:oF8cSzvTyl4tgi8pPjQM0PuAg0YNy8IFtSP:EBSzm+t18pZ0WAg0R8IFg
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  3d366250fcf8b755fce575c75f8c79e4
- SHA1
  
  2ebac7df78154738d41aac8e27d7a0e482845c57
- SHA256
  
  8bdd996ae4778c6f829e2bcb651c55efc9ec37eeea17d259e013b39528dddbb6
- SHA512
  
  67d2d88de625227ccd2cb406b4ac3a215d1770d385c985a44e2285490f49b45f23ce64745b24444e2a0f581335fda02e913b92781043e8dfd287844435ba9094
- SSDEEP
  
  96:cjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNG3m+s:9bogRtJzTlNR8qD85uGgmkNP
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Uninstall Mechvibes.exe
- Size
  
  156KB
- MD5
  
  218424b6e4d00e2a7f5040ca6ace0578
- SHA1
  
  449575da75d74d3a633e91c5df8ad8345163b47d
- SHA256
  
  115ea7a6d6cea39828715bd799c6034a93d43cc88b68ff67dd13bd82f2f3fa89
- SHA512
  
  3a491f5d4bbd8310bb2923244ac24868a35edafdb6e8671683c37418ae631c3d8408f43f05ca1936edbc5ab44d528f64eb9c15e595a2dcc5d9e904483f88e6b8
- SSDEEP
  
  3072:Ua77v0JhE4Dy6LtausK/9op6z4c+E3DuYUSwb32tvhOEA1RJCir86SrSrvZwa3c:Uw4JQ6xD4E+EznRwT2t0EyL+ewaM
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  Vyron Spoofer/Install These/LEMONMILK-Light.otf
- Size
  
  32KB
- MD5
  
  91271d24ade18b13113d3122bfb5369a
- SHA1
  
  9a56b6f3519f38b20e62973de1634cf10a636023
- SHA256
  
  bf47b91cee250be39d1ae96b14e0e31368ae165b6bb50283151db5c80d76a769
- SHA512
  
  ebbe45ec253ac2eef891cd50a589337c048294d3bf4aa90b2de989d43a787c7226128a70d91dec68ba71a130400a520b4f0a711e29c8b6cc91aa2ffbcfcf605f
- SSDEEP
  
  384:T/FPcAsOIsmi8zGvVVMFMgC3MXIcMFWuRZp6n7UN9q2y33hESZxHZZNq9jgbOwrv:T/SipVVMrSsaT6gq2y33hTPNqNnwmUAE
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral29 behavioral30
- Target
  
  Vyron Spoofer/Install These/Poppins-SemiBold.ttf
- Size
  
  151KB
- MD5
  
  6f1520d107205975713ba09df778f93f
- SHA1
  
  8a4ace9392d06bcb7f8ea2f5169b07e4c383a90d
- SHA256
  
  248c0244b350ec68880996aa6be6d7796274b49992d5fcbbefe251906aa4ea36
- SHA512
  
  5e40d2ebe39605ed0c2d8be022dd716e51b018e1bb0ae0101164e1e02bcf6b7cca5ec0da2ebcb533d959ae766af8863b27d62efbba1755e9e8d45e7bce51fa36
- SSDEEP
  
  3072:0FyHGX8bZ0eysTnqHvobJixBp0TKf3H5z8MkKURj7i8w+fW+uQ:0kHGsysUnQ3tX
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32