General
-
Target
XWorm V5.2 password.zip
-
Size
36.0MB
-
Sample
240502-xxxenaeb7w
-
MD5
2c9f6406bac263b5d4fade5e717fbf7f
-
SHA1
d8a34f676de186af9da32a7a85f8eda25592d407
-
SHA256
b09487ea9dc5e977f6a82ac84bc160b390aee483ac3746180217872a0f535027
-
SHA512
1e2f03b7c505ced0392b91ab84018066cc27a29eb00cbeccc305aade4bccd473d3ddb118699ddd400ac318eb08be2895e0975ab1b135cfce88726814d40a4809
-
SSDEEP
786432:bCxzHbV1gXPrCT0kw0SJg9by8U0/4h6vdA8ZMCFEb6un3LOnUZUiaG2JbS:cbMXPrCTvbSJaQ0/4hcb+LnbgUSiaG2c
Malware Config
Targets
-
Target
XWorm V5.2 password.zip
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-