General

  • Target

    XWorm V5.2.rar

  • Size

    23.4MB

  • Sample

    240310-e1bm9acb22

  • MD5

    124934b33b799f3dfb38d0782eb7c226

  • SHA1

    014e48c43ee5ab6b8b3fda9f3957e120f1f540b7

  • SHA256

    64a332e63e1377a71afc60f7aac1a9fff359a8b05e62492a52c3f5f39a16e805

  • SHA512

    d2aa4e83589a806710aee8c28173328728a2329f337d89933aeaf2d9733a36db8dd545ab922884e3026494711d8f93060918a96d29122d11da427e1b0a251fc2

  • SSDEEP

    393216:qyaHwY3S7XnvGrNlRCGHm895dDi5bYTAuuPxCaderVu2FvPZZY0ddmw27+PDhl3t:qygS7XnC/HHdX96bUAuqvdeVu2FT3dwa

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.

MITRE ATT&CK Enterprise v15

Tasks