General
Target: XWorm V5.0.rar
Size: 28.7MB
Sample: 231020-yrdwssga9w
MD5: 51ab8413d36a816271d23b31917daa1b
SHA1: 2f58abec0c36e58fc41fd4da881c0e8bf7d0343f
SHA256: 59ea17e61bfd687a75524e79eef148ac3929d774dbce4a30191a5888c122a671
SHA512: da14aa8f02624f8c58d086831a058a5832dcfb1915fa0db1595a165ce17d1381fe59be255b2ed20ef6d893782406598792f38bc7ec70727b31d2255e8ebc8efc
SSDEEP: 786432:iy9ZS01ImfHxnCqOvJ5IE7H7Qq6NsjXt0eIxKxBe:1dIKEX5XH7Qqk4Xt0dxT
Behavioral task: behavioral1
Sample: XWorm V5.0/XWormLoader.exe
Resource: win7-20230831-en
Malware Config
Targets
Target: XWorm V5.0/XWormLoader.exe
Size: 101KB
MD5: 39d81ca537ceb52632fbb2e975c3ee2f
SHA1: 0a3814bd3ccea28b144983daab277d72313524e4
SHA256: 76c4d61afdebf279316b40e1ca3c56996b16d760aa080d3121d6982f0e61d8e7
SHA512: 18f7acf9e7b992e95f06ab1c96f017a6e7acde36c1e7c1ff254853a1bfcde65abcdaa797b36071b9349e83aa2c0a45c6dfb2d637c153b53c66fc92066f6d4f9a
SSDEEP: 768:xeWGZOGdUe42+W7RKRCceHXM5VezK7OCaqWEI/G9MKaattbGF+r9UOJtqlngJd4U:xdWE5W74A8VeAOVqmyVttdGFQeOPigx
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect Xworm Payload
-
AgentTesla payload
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-