agenttesla | 123840c0d58f465fd97e1f7d10ec5d1568be311d831730f4dbcade25660f4e05 | Triage

Submit
Reports

Overview

overview

Static

static

XWorm v5.1....2.exe

windows11-21h2-x64

XWorm v5.1...32.exe

windows11-21h2-x64

XWorm v5.1...64.exe

windows11-21h2-x64

Sharing

General

Target

XWorm v5.1-5.2.rar
Size

59.1MB
Sample

240501-bxcjlacg6w
MD5

298d0b235e0571529565a8a3bd10a210
SHA1

f5e447e08cd137ffaee7be99b2d2958ea4abc2db
SHA256

123840c0d58f465fd97e1f7d10ec5d1568be311d831730f4dbcade25660f4e05
SHA512

9657ca3ae2a1620a34fb39f0117721e598f3fa4545c2fc1dd2af31e434a29b5ec4f945380b0d1dbd0cb14ccbe21f66f3b34dc2b8df9470bed9de6da012a114e6
SSDEEP

1572864:i03+stamViG3rfi3xFS4CmsV9B3gKnVCpN4rfi3xg3PnjmH:FuRmomzimmIwACX4zicPSH

Score

10^/10

agenttesla stormkitty agilenet keylogger spyware stealer trojan

Static task

static1

agilenet agenttesla stormkitty

7 signatures

Behavioral task

behavioral1

Sample

XWorm v5.1-5.2/XWorm/XWorm V5.2/XWorm V5.2.exe

Resource

win11-20240419-en

agenttesla agilenet keylogger spyware stealer trojan

windows11-21h2-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

XWorm v5.1-5.2/XWorm/XWorm V5.2/XWormLoader 5.2 x32.exe

Resource

win11-20240426-en

agenttesla agilenet keylogger spyware stealer trojan

windows11-21h2-x64

11 signatures

150 seconds

Behavioral task

behavioral3

Sample

XWorm v5.1-5.2/XWorm/XWorm V5.2/XWormLoader 5.2 x64.exe

Resource

win11-20240419-en

agenttesla agilenet keylogger spyware stealer trojan

windows11-21h2-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  XWorm v5.1-5.2/XWorm/XWorm V5.2/XWorm V5.2.exe
- Size
  
  12.2MB
- MD5
  
  8b7b015c1ea809f5c6ade7269bdc5610
- SHA1
  
  c67d5d83ca18731d17f79529cfdb3d3dcad36b96
- SHA256
  
  7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
- SHA512
  
  e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180
- SSDEEP
  
  196608:pcWPW6SJ5POYAa23tuQUj7prczC9YNu+/ChWbPP91SDwDrZhd:pce0JtOSSLU3prczy0uqkaIkDtn
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1
- Target
  
  XWorm v5.1-5.2/XWorm/XWorm V5.2/XWormLoader 5.2 x32.exe
- Size
  
  109KB
- MD5
  
  f3b2ec58b71ba6793adcc2729e2140b1
- SHA1
  
  d9e93a33ac617afe326421df4f05882a61e0a4f2
- SHA256
  
  2d74eb709aea89a181cf8dfcc7e551978889f0d875401a2f1140487407bf18ae
- SHA512
  
  473edcaba9cb8044e28e30fc502a08a648359b3ed0deba85e559fe76b484fc8db0fc2375f746851623e30be33da035cec1d6038e1fcf4842a2afb6f9cd397495
- SSDEEP
  
  1536:5vjAnXqn2nY7WfRMgPQQrMoqmyVttdGFQeOPigx:5LCan2nY7sdQQAoqmyBeu
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral2
- Target
  
  XWorm v5.1-5.2/XWorm/XWorm V5.2/XWormLoader 5.2 x64.exe
- Size
  
  109KB
- MD5
  
  e6a20535b636d6402164a8e2d871ef6d
- SHA1
  
  981cb1fd9361ca58f8985104e00132d1836a8736
- SHA256
  
  b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
- SHA512
  
  35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30
- SSDEEP
  
  1536:TYogSlNwXosKwOYtV1AS9m3xQyVGNNiLkWNF7XxFqmyVttdGFQeOPigx:TvgSlqGS9m3xQyKNbWNV3qmyBeu
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

agilenetagentteslastormkitty

behavioral1

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral2

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral3

agentteslaagilenetkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy