General
-
Target
XWorm v5.1-5.2.rar
-
Size
59.1MB
-
Sample
240501-bxcjlacg6w
-
MD5
298d0b235e0571529565a8a3bd10a210
-
SHA1
f5e447e08cd137ffaee7be99b2d2958ea4abc2db
-
SHA256
123840c0d58f465fd97e1f7d10ec5d1568be311d831730f4dbcade25660f4e05
-
SHA512
9657ca3ae2a1620a34fb39f0117721e598f3fa4545c2fc1dd2af31e434a29b5ec4f945380b0d1dbd0cb14ccbe21f66f3b34dc2b8df9470bed9de6da012a114e6
-
SSDEEP
1572864:i03+stamViG3rfi3xFS4CmsV9B3gKnVCpN4rfi3xg3PnjmH:FuRmomzimmIwACX4zicPSH
Behavioral task
behavioral1
Sample
XWorm v5.1-5.2/XWorm/XWorm V5.2/XWorm V5.2.exe
Resource
win11-20240419-en
Behavioral task
behavioral2
Sample
XWorm v5.1-5.2/XWorm/XWorm V5.2/XWormLoader 5.2 x32.exe
Resource
win11-20240426-en
Malware Config
Targets
-
-
Target
XWorm v5.1-5.2/XWorm/XWorm V5.2/XWorm V5.2.exe
-
Size
12.2MB
-
MD5
8b7b015c1ea809f5c6ade7269bdc5610
-
SHA1
c67d5d83ca18731d17f79529cfdb3d3dcad36b96
-
SHA256
7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
-
SHA512
e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180
-
SSDEEP
196608:pcWPW6SJ5POYAa23tuQUj7prczC9YNu+/ChWbPP91SDwDrZhd:pce0JtOSSLU3prczy0uqkaIkDtn
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
-
-
Target
XWorm v5.1-5.2/XWorm/XWorm V5.2/XWormLoader 5.2 x32.exe
-
Size
109KB
-
MD5
f3b2ec58b71ba6793adcc2729e2140b1
-
SHA1
d9e93a33ac617afe326421df4f05882a61e0a4f2
-
SHA256
2d74eb709aea89a181cf8dfcc7e551978889f0d875401a2f1140487407bf18ae
-
SHA512
473edcaba9cb8044e28e30fc502a08a648359b3ed0deba85e559fe76b484fc8db0fc2375f746851623e30be33da035cec1d6038e1fcf4842a2afb6f9cd397495
-
SSDEEP
1536:5vjAnXqn2nY7WfRMgPQQrMoqmyVttdGFQeOPigx:5LCan2nY7sdQQAoqmyBeu
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
-
-
Target
XWorm v5.1-5.2/XWorm/XWorm V5.2/XWormLoader 5.2 x64.exe
-
Size
109KB
-
MD5
e6a20535b636d6402164a8e2d871ef6d
-
SHA1
981cb1fd9361ca58f8985104e00132d1836a8736
-
SHA256
b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
-
SHA512
35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30
-
SSDEEP
1536:TYogSlNwXosKwOYtV1AS9m3xQyVGNNiLkWNF7XxFqmyVttdGFQeOPigx:TvgSlqGS9m3xQyKNbWNV3qmyBeu
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-