General
Target: XWorm V5.2.rar
Size: 23.4MB
Sample: 240310-e1bm9acb22
MD5: 124934b33b799f3dfb38d0782eb7c226
SHA1: 014e48c43ee5ab6b8b3fda9f3957e120f1f540b7
SHA256: 64a332e63e1377a71afc60f7aac1a9fff359a8b05e62492a52c3f5f39a16e805
SHA512: d2aa4e83589a806710aee8c28173328728a2329f337d89933aeaf2d9733a36db8dd545ab922884e3026494711d8f93060918a96d29122d11da427e1b0a251fc2
SSDEEP: 393216:qyaHwY3S7XnvGrNlRCGHm895dDi5bYTAuuPxCaderVu2FvPZZY0ddmw27+PDhl3t:qygS7XnC/HHdX96bUAuqvdeVu2FT3dwa
Behavioral task: behavioral1
Sample: XWorm V5.2.rar
Resource: win7-20240220-en
Malware Config
Targets
Target: XWorm V5.2.rar (same file as listed under General: 23.4MB, identical MD5/SHA1/SHA256/SHA512/SSDEEP values)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.