General
Target: XWorm-V5.3
Size: 251KB
Sample: 240501-l16xqacc7s
MD5: e2bfd8153db53876cec297cb5bdd9795
SHA1: d1d01aa7bfb357dec83669268607f2667b54d0de
SHA256: 9acb9f4966952d4ed42b022571a42309b73921609702e027fd7bd23e1cafb35a
SHA512: e15268dd73cb26c8c6359f3fc4d834a455d9f42865c001d8bc9b264257d24d1118b5f50066e51a948cdf3e83fa0bc9109f1ad1a77a0a92b0ca04c40cf733ccbc
SSDEEP: 6144:jtQhY2n9ddKM2vkm0aWyRv37P9lvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi0ZTY:hQhY2n9ddKM2vkm0aWyRv3z9lvZJT3Ck
Static task
static1
Behavioral task
behavioral1
Sample
XWorm-V5.3
Resource
win7-20240220-en
Malware Config
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-