General

  • Target

    XWorm V5.2 password .rar

  • Size

    34.8MB

  • Sample

    240401-kjmbbahe9y

  • MD5

    ddf1bb497d1b4a6d925985c7a379bc99

  • SHA1

    acca208bb567b37935f19bdda7914f22bea727c8

  • SHA256

    c01228250c4da12e0bc7a86bd096dfb948a189294add5a11c8332ae35e6f07f0

  • SHA512

    42a52f6e4c121e20ddfa319f7994e9b521c36436328b0d3d6b49d8b050974ac7417b4ee5ce142e7e8640348a3deb09b3cd61b2cbc4cbba4a26e527d28d474375

  • SSDEEP

    786432:X58ZhgqfxDG0y3oj/4a/7N392sGrY5KnBjpDh6oi:XOAqSojBN2sgYcNRh6oi

Malware Config

Targets

    • Target

      XWorm V5.2 password .rar

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Enterprise v15

Tasks