General

  • Target

    XWorm V5.0.rar

  • Size

    28.7MB

  • Sample

    231020-yrdwssga9w

  • MD5

    51ab8413d36a816271d23b31917daa1b

  • SHA1

    2f58abec0c36e58fc41fd4da881c0e8bf7d0343f

  • SHA256

    59ea17e61bfd687a75524e79eef148ac3929d774dbce4a30191a5888c122a671

  • SHA512

    da14aa8f02624f8c58d086831a058a5832dcfb1915fa0db1595a165ce17d1381fe59be255b2ed20ef6d893782406598792f38bc7ec70727b31d2255e8ebc8efc

  • SSDEEP

    786432:iy9ZS01ImfHxnCqOvJ5IE7H7Qq6NsjXt0eIxKxBe:1dIKEX5XH7Qqk4Xt0dxT

Malware Config

Targets

    • Target

      XWorm V5.0/XWormLoader.exe

    • Size

      101KB

    • MD5

      39d81ca537ceb52632fbb2e975c3ee2f

    • SHA1

      0a3814bd3ccea28b144983daab277d72313524e4

    • SHA256

      76c4d61afdebf279316b40e1ca3c56996b16d760aa080d3121d6982f0e61d8e7

    • SHA512

      18f7acf9e7b992e95f06ab1c96f017a6e7acde36c1e7c1ff254853a1bfcde65abcdaa797b36071b9349e83aa2c0a45c6dfb2d637c153b53c66fc92066f6d4f9a

    • SSDEEP

      768:xeWGZOGdUe42+W7RKRCceHXM5VezK7OCaqWEI/G9MKaattbGF+r9UOJtqlngJd4U:xdWE5W74A8VeAOVqmyVttdGFQeOPigx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • AgentTesla payload

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Enterprise v15

Tasks