General
Target: XWorm V5.2 password .rar
Size: 34.8MB
Sample: 240401-kjmbbahe9y
MD5: ddf1bb497d1b4a6d925985c7a379bc99
SHA1: acca208bb567b37935f19bdda7914f22bea727c8
SHA256: c01228250c4da12e0bc7a86bd096dfb948a189294add5a11c8332ae35e6f07f0
SHA512: 42a52f6e4c121e20ddfa319f7994e9b521c36436328b0d3d6b49d8b050974ac7417b4ee5ce142e7e8640348a3deb09b3cd61b2cbc4cbba4a26e527d28d474375
SSDEEP: 786432:X58ZhgqfxDG0y3oj/4a/7N392sGrY5KnBjpDh6oi:XOAqSojBN2sgYcNRh6oi
Static task
static1
Malware Config
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-