agenttesla

Sharing

Copy URL

Twitter E-mail

General

Target

XWorm V5.2.rar
Size

32.3MB
Sample

240503-ph7m3sgc33
MD5

6672fdcad8a6ceafeba47ceb3f6ef31c
SHA1

276083004a8005157968630bda1c864bd71e0c8e
SHA256

14a4f6c9137eee4c24fe5c52dae6bc82fecb9b8e832742b5b40f734e6e842a5a
SHA512

fa06517933da50ee03f4e62f47bde26f6c109bb2b464fab1cd2668ead88d6ae5ab1b407b698e606ca6034f6223c813638f2245f3cf81dfd58cb5ce7a05b7130a
SSDEEP

786432:Ay7edM3wBHSVCp3K7YepeEJfi2Ij5kNJuaaJxyXzmz:jedM3wtSVCp7crfi3jYPnjmz

Score

10^/10

Malware Config

Targets

- Target
  
  XWorm V5.2/Plugins/HiddenApps.dll
- Size
  
  45KB
- MD5
  
  c5efa70a04a026b9a2fa97b1ea43e840
- SHA1
  
  aab2de0ab74c12e04256ff2b113b062dc93179e6
- SHA256
  
  f9ef7709f34e944d99ca5bef6af1524d7cf3889894084b7ae61e9202f267a728
- SHA512
  
  1348d4ebd3ac5b56eb32820ee14f9aee20a43b7dc3d06dd7fd62c8f227b12a27d0c0376c7d858e78315cd92d17e588bc2e37648c04d146530db706e8b3c4ff1d
- SSDEEP
  
  768:zy37gsdDvMZ9+rdm2KExqbMYRQpWk/x0qqBi3X/G0gpfN3ff2oA:idDvML+r/rqbMYRQpl/x5qI/dEdX2J
Score

1^/10
behavioral1
- Target
  
  XWorm V5.2/Plugins/Informations.dll
- Size
  
  22KB
- MD5
  
  310ba7a07953ed7f783e89bcff6197e3
- SHA1
  
  147aa53e0d7cb027e6c67fa50fcb0dc0c770e157
- SHA256
  
  b10616eb3f5e4b0ceffc696179cdb616c78ef970dedbac10845a39985c91a38a
- SHA512
  
  554ead0f700dd617eed6055a84ecad288c4779ab20206e7434a8f3443a03a95a501014cd52390eb57570c25ea2bd7a298b96e88e8550d10b2a5db4f9633af529
- SSDEEP
  
  384:24svJAz5thUNHcxxypeGQ/0n3TmyxhxJNSLSg4RjjoZ:24suz/LypeGQEjfNSQM
Score

1^/10
behavioral2
- Target
  
  XWorm V5.2/Plugins/Keylogger.dll
- Size
  
  17KB
- MD5
  
  40ba99b80654259d0428c7e4f3645948
- SHA1
  
  8fa93e0f035694cd8e420aa2232aca859b3a2a6b
- SHA256
  
  3361bb2309e4ee31f14081bc170ac530e2ae9d1336026e736190a0304e2e77e4
- SHA512
  
  fc1deb29eea114e5a472102a51d49fa253a5c79821acffa930b30089ebecec4312437d4720b46e92149be2ce69aed57dc3939621a596ed6c413397363fa44ee7
- SSDEEP
  
  192:uCK9HKDyS0+NKdUxEIj1aq8fgYO1Lnq4Ur1XneDN6IW1Y6Up91KNN10UbnnSL2CV:K5Oe+4dw1IDMO4U5uD8Upih0yZCV
Score

1^/10
behavioral3
- Target
  
  XWorm V5.2/Plugins/Maps.dll
- Size
  
  15KB
- MD5
  
  b74f037f6c6de44e817660922a3044fc
- SHA1
  
  eb5acc30d3f607193bd819e8c0cdaaf70295c5b4
- SHA256
  
  ccb32961b904a22c2531313ed7c3733d7288daab181074f034eb4c73a0958a65
- SHA512
  
  a547961b87ecdbc0f9bf02381f16e03795dc73eda744a86da2cc07c97d7f1b65642971347d1ca69f36ead63c3b9078b6e0f2ecb4b6f2178a3b9a62f3ffb76579
- SSDEEP
  
  384:/HC+Q4WPRdJElcjp8J4jtepa9BX/bS9E2:/HCbRdWle2C5x/u6
Score

1^/10
behavioral4
- Target
  
  XWorm V5.2/Plugins/MessageBox.dll
- Size
  
  15KB
- MD5
  
  bde9c12607827e21c64e1d64033043b5
- SHA1
  
  d980614dda65f1f4c3a73d1f9c8162e597fcac4e
- SHA256
  
  2170fe155b56e362500ece32013bbf8d45d5dc93e689ab33d3612066c7450f75
- SHA512
  
  e015d9b915b748d1683c18621919161f9d495221c9bf788b661e3eeab60320ee0b0d9d64a393fafa47b521b484f0af2c9948f6dac0a9b7ef1e8910571e7e98eb
- SSDEEP
  
  192:kpDQ4tBCjRD6W2Y7gF/OF2glT/9r169G3m6IW1mX/j0rsVHvJsJtDdZKML2vW9:0QcRW2UVT/95gG3UX/j0ZyvW9
Score

1^/10
behavioral5
- Target
  
  XWorm V5.2/Plugins/Microphone.dll
- Size
  
  540KB
- MD5
  
  747554e4ca902a8d18b797c2edcb43ed
- SHA1
  
  508d7c9f0b031a352a1a1f25d4c6abf4167392d5
- SHA256
  
  1f135bc57ea4f44bf8a37d66b42788bed5aba753c5cbd0b4d3349ede64abfc59
- SHA512
  
  deb3f480dc7febb1d9ff4ccdb1dd04d83e9fbe7e74fb0dd39d103dbe85fa0c434407ab032e9bca027e38a0f482d08308513cd821b09dc08aafafd905e97126fd
- SSDEEP
  
  6144:yF8i30ykMPoxBemtSQvAVYm8Ou/JgtKMV6fb78+Ommg8YCQ18aFgRWAdoYCY8gQg:uP32emtLAV8OXebgreL7AwuaruedUB
Score

1^/10
behavioral6
- Target
  
  XWorm V5.2/Plugins/Ngrok-Disk.dll
- Size
  
  7.0MB
- MD5
  
  4443f2173682ef836df2f89e1b44296e
- SHA1
  
  1b0db6530eb5c5404af614143f464d663382c2e4
- SHA256
  
  01e170bc479dc22cec4658a39067e001a72a974a4e562aca01162f82decd20b6
- SHA512
  
  7bb8df753fc3636d3b01f2145c1df553b34a427a9e07d4c563a1fb2e23480ba2d609658d6ca2c4deaa386feff8af741397a3cbdb15c28157c4cf4ba8244fb61f
- SSDEEP
  
  196608:+CsxED7kwTV6B/nCR7+AA3e5MryK5Rj1Bpw7Vdjz8wEO+Dl:+TED7/VEqt/A3TryARj1BpwLktl
Score

1^/10
behavioral7
- Target
  
  XWorm V5.2/Plugins/Options.dll
- Size
  
  30KB
- MD5
  
  b0ebfc762fd2a7511e819336524551ea
- SHA1
  
  b3657c8edc6b9231d16b49bec11f01983d965495
- SHA256
  
  bf2978e31b7a1612255ff79217481374ea2ae976c2b8c270ec3eb5324251d8d7
- SHA512
  
  2adfff3089ac551ba057f2b4b2d208255a4558abb2761b39fd9cc10f37313386fdc1307fffb80777e0a1b6c1d1dbabf61b26cbff8592e77f982453679145822d
- SSDEEP
  
  768:DLxkuz7dDWH839iybgkf/sGRNW9s9dhjcI:DLNHqUPbgQsGRNW9s9
Score

1^/10
behavioral8
- Target
  
  XWorm V5.2/Plugins/Pastime.dll
- Size
  
  17KB
- MD5
  
  178627a4b30c54d20e5a59049b5af211
- SHA1
  
  5ae226eb92df19cb693764509b953bf1dbfeffcd
- SHA256
  
  c3ffa5aedbfe2c83e68d7b70afd1adb590801da429c3a5d4fd6da18116ab0cc9
- SHA512
  
  75e9684378f5155f228a75c03cb517257e7e04cddf9762e7e5b348f7b30482a9c750cb0285e28279dc9ef740c3ce759e4ebfb4e3efddd094daab7eb3bdf713c8
- SSDEEP
  
  384:zEoxsRLvyUi4U4R7XonhJAH+epi5zOY7//Zl3sA8/fT1:zEoKVvri4UA7YnEnwr/8A8/fh
Score

1^/10
behavioral9
- Target
  
  XWorm V5.2/Plugins/Performance.dll
- Size
  
  16KB
- MD5
  
  d447b98bf277020e48a04d2771b190ba
- SHA1
  
  a9b312d1d858e06156eecab2cd97d246a37822e8
- SHA256
  
  57af9bb212361e2dbfe97a784beb2f978426b42f9ea0986f74c8fbfebb630f13
- SHA512
  
  8c58bf90c5433005d7e3c8a871171dd5fbc558947d5ce387351fa7625ed6bf2a6b72afa91f8d3c7243c5e950467855838f27b6356266074321204347cded15a1
- SSDEEP
  
  384:+fCyikE3df5r1XTgOw2QxHN7yVpBKUqa:xdx5DKHClJ
Score

1^/10
behavioral10
- Target
  
  XWorm V5.2/Plugins/ProcessManager.dll
- Size
  
  17KB
- MD5
  
  12630688eb6538b34e5a392cde76ec09
- SHA1
  
  add2c24ef79657f47693995b1ddb2c760520670a
- SHA256
  
  8dbffc8d2928cc2fe3dc67b071619419bd4e21506bf8d8b66bbdef54101953d3
- SHA512
  
  24da487f34fbad245f64f86b88db8c61041e80956c2befe859903ece46905ded09e90e08f2d148316947dde8a4990bd1c944ad36a96930b197769dab025689e0
- SSDEEP
  
  384:KdfDSm8iGh5I84ZQsCH97/Y5gLCEYptkpnrDhDK4TkAvfsxfZLnVb:KdfDV8iwmyhlYATkAv0H
Score

1^/10
behavioral11
- Target
  
  XWorm V5.2/Plugins/Programs.dll
- Size
  
  13KB
- MD5
  
  c730d22a23fb8ec58f51116e54ac4cc4
- SHA1
  
  45c4b19479d6e58736630db5405dd58450a601dc
- SHA256
  
  4bfe2b70271956dbcf08086ff04bc36a23928d974469ffeaca97ed5ad5b6dcfb
- SHA512
  
  da5d553e1e470958db4565699f0d2a58c9ab8a653b34003fd33758ed85f1a4f3c027064fcd0c24dae3ba88f7adc22f9b45ff55c22e2b29cbc0cf8f0b7293f7db
- SSDEEP
  
  384:WA3FIPiu78UTyGS7dnTu5lYTX/1geEedNtb:WA3Mr78UTy5BTp/1sKn
Score

1^/10
behavioral12
- Target
  
  XWorm V5.2/Plugins/Ransomware.dll
- Size
  
  20KB
- MD5
  
  e55dfe70871fb442f8b8eea790875a7c
- SHA1
  
  0f659147ad89de0dadca9d74abb0854ec64ae403
- SHA256
  
  b0ccb9a2bef7fd24d7f31bb70a8516129a099b47d2564f9f18cb0d87144fc5da
- SHA512
  
  daf5fc4a89d841a04b2b6fd8e516d7efa3baa08710af6ff85c57771d99a2ee07da4c2482baed9ecdae54e3eca2d840341ee3371a826cf26fb180dfba864e63a8
- SSDEEP
  
  384:XVSO27QJHvpebFn0LC9Tk7ff2ji+ZMuqI+sHY4k7ENeEDuQZh:XVm7Q1vpebF0LC9TqH2Mj74tqg
Score

1^/10
behavioral13
- Target
  
  XWorm V5.2/Plugins/Recovery.dll
- Size
  
  1.1MB
- MD5
  
  be590ee7d8c0366cc28c200308ba0823
- SHA1
  
  0fa6c6ca44893c45f115e446566f0d4dcf5168d6
- SHA256
  
  a81e4efc2c85a4f8fed46b9b0f3bd3c2a750a3047ae7ce5b29f21df52d85dfbb
- SHA512
  
  cbbb4c62d703bf8dd0e0e34b438401710c1bd62c82f71060483f4a84dfaa802a9b0d39b904d6f77cf4ef0b630f173f66f349497d53a6039c640e0f4301e26041
- SSDEEP
  
  12288:M2uX3iDoOeiWYcW3GFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchk:PNeiWYtc/5/jbOE8ULrFmCCo
Score

1^/10
behavioral14
- Target
  
  XWorm V5.2/Plugins/Regedit.dll
- Size
  
  15KB
- MD5
  
  d92b2e7472ec9cb8b803bc039558c828
- SHA1
  
  0ca9e950b5ef64e3cdd23a31a2b51ad2b82581de
- SHA256
  
  1989885e6f4f459b4ef37ab11e97ffe8c1598a8189eb3a4110f259357af2414f
- SHA512
  
  ef4ded6ae8349a58a0745aa55ad96530d028f8137437124b02a80b332e2801447dde2e6e908e48151ee7102868676ef435fe5ecf0ebd980f497435e58e599171
- SSDEEP
  
  384:1Ak743gHOThJ1ACZMDqYpmewuYvpYrQrfKr9A8/Pj9eZ:1AY4t1AyMD6zY0+A8/P8
Score

1^/10
behavioral15
- Target
  
  XWorm V5.2/Plugins/RemoteDesktop.dll
- Size
  
  18KB
- MD5
  
  f4e00005c72b4331eb0e9243346d3e1d
- SHA1
  
  f8afb37fc362430b4045cd2f22e5a5cdaca43ace
- SHA256
  
  9bcf8dfc92bc643b9414a446da4632050de1b7577fedf4f7711d3b4b3d46e06d
- SHA512
  
  7e9be2c2a247a7ee067b156062098a2494113ca935c83a6c8723ee2fe3b7ae15ce5addac5630b8aaba9b12d52896127609f8d7974bb622b79d9a8dddd6c7a155
- SSDEEP
  
  384:174NEKdUoIdAsQh8onN4dtKSbjt9l/C6m5YxBdJbqJtjS1:1742LJ5E8oyuOJBLSjK
Score

1^/10
behavioral16
- Target
  
  XWorm V5.2/Plugins/ReverseProxy.dll
- Size
  
  16KB
- MD5
  
  a4bd2edda7e214bc50ec559c15cf81c1
- SHA1
  
  1f268ba761ef9dd38d74d3eead9289a2a35d21a4
- SHA256
  
  9fd3621ffec11e0ad254b37ce4fe527f82461b67cc8d8827532d3573a011e2e3
- SHA512
  
  b3d8857b0fc31c5fafc8552e54c34b2e463f5dba2d167ecf41e5c22aca8a36ea352a4aa1baac73278c409f975e4c68ecc55e0c085280c62151e7898b59a4bbff
- SSDEEP
  
  384:wxhzLf8ZkYXVgUzTNnrYFXoRFlS9OPCD:wxhk+YXdfEoRFQ9OPc
Score

1^/10
behavioral17
- Target
  
  XWorm V5.2/Plugins/RunPE.dll
- Size
  
  11KB
- MD5
  
  e8f0b68716a0bc4459601623c5c3c757
- SHA1
  
  261e11edb2ec5b14d8feaf80d6a8e966da1817f8
- SHA256
  
  0f075f2dd5a41d601329c4bff57ff38302e1da2ad149399f7f2776e640063502
- SHA512
  
  5539be32acecb59e43eb35ef9971b82764ed6bb5cc50b02ca0921ec30ccbb4d49a743262350ec9860bc669000e6511d3b3dcba0a37a5360f3f6ff4af2bc420bf
- SSDEEP
  
  192:Wbfqh94qP9XFw3l+JNGGOueq1JtSnIW1fUsezpo7SLOYN:WbChWqPj5jJtGUsezpoHYN
Score

1^/10
behavioral18
- Target
  
  XWorm V5.2/Plugins/ServiceManager.dll
- Size
  
  14KB
- MD5
  
  539b869c8fde6159f832e9b851bab6c7
- SHA1
  
  1e5b134d538d9c2eef53e4ecd04b806f4990cc74
- SHA256
  
  79ae4fdfc5edc08cea5520fe1e8fc448991903c493a02e9fda407bc825b330e9
- SHA512
  
  47dc3e66b4e32cb3bc1e2583e852cad7c211defe529d2ed7fce18587b4c1515bd5b5c5720f9ba0c1d9d022ff537abf827ed483e09fe63dfcf05bee4c07434631
- SSDEEP
  
  384:9Q7lIxrn2dEda+RWUtTZ5nYsSh8ZYUwJjm:9QhIVn2dEdZ9+h8ZY9
Score

1^/10
behavioral19
- Target
  
  XWorm V5.2/Plugins/Shell.dll
- Size
  
  15KB
- MD5
  
  cb3bd9515eeccc9042757756ab7dd962
- SHA1
  
  c562da19fdc78c12685a0b1913bdf74067612b25
- SHA256
  
  e1cd982074254a8290fac19cd6d657dea80e4e70fb2742dae1137d895c3a09d8
- SHA512
  
  b1f5b6bea6ec21ae855c92871d396ae5139d028fd9f8e6d23706fc2abb97e3810b5b90ce70f2f399040436d5c4e47d64c5506464b26081fcfcb99dd91d1ac33f
- SSDEEP
  
  192:3k/C8fflArGr0J4z4sCS2IictD3ROFBLggT051i9Yd6IW1OU1buoFXR1F5cLW8:P81ArGmlS2IRtVUXT0HoYpU1bRFxx8
Score

1^/10
behavioral20
- Target
  
  XWorm V5.2/Plugins/StartupManager.dll
- Size
  
  189KB
- MD5
  
  cc42a1c35fa6857707755c4b7eebaade
- SHA1
  
  ddc1db3a8571e1d5da140f3500e26bf1a03acc03
- SHA256
  
  28533cf4dc5b93d9ec547c2a7649958e6c3b2906ddc43175af0a94439596bee9
- SHA512
  
  120c1481566b2c341cb9ffc90c821b1823870b9a671913ff5db9b8802f3fd120570dfe7c9928a038f3bf8a838a63a9ea5b3819a47bdbd9827f1024d79a70cbcb
- SSDEEP
  
  3072:V2rExorpMoREHBAnpK37nXs83+oQvN74Syoh20K7SLgmRHHLzp+oI:VqrZv8m1gmRnfp
Score

1^/10
behavioral21
- Target
  
  XWorm V5.2/Plugins/Stealer.dll
- Size
  
  3.3MB
- MD5
  
  6cf3156c057817473d7d2239f71d2403
- SHA1
  
  36f45d7a326054e231b77b6021392d35898096ec
- SHA256
  
  3257ac3031047fcb719a8f82bd54ce42a6d542a97dd0149da08957a0c479e7fc
- SHA512
  
  3828f10081ef476cce1832ae8b3f68d7efaf539903f9d4f4e6fc4ef19feb87cb2d63409d5057e5d6d4b46e229d9ca10e39917a5c1902c55a3ce01cf18d67526d
- SSDEEP
  
  49152:1VbwgxmbsO2B7wKOfpUL6GbriHeGAb4TkyNejj2SqE08:1VbFxmbsO2B7wKOxfSf
Score

1^/10
behavioral22
- Target
  
  XWorm V5.2/Plugins/TCPConnections.dll
- Size
  
  16KB
- MD5
  
  fad421f5c9feb27d771e9aa9c33a8d16
- SHA1
  
  f1807d942d08918180f4b8b3ab4d12be167e5634
- SHA256
  
  44eba556913d0d5ef327e19e98b8ba0e9d37fe720c9defa48124582726bbd234
- SHA512
  
  f3aa58cfac5db09912aedf2f6a63f7d9feb4b86c2fe0cece9851f7e618571019068e086c328ed5eb83124207818a2d0963139e852136c7a1e66d923870e8dd40
- SSDEEP
  
  192:LKo8pevV3pE6vGvyj2T/Qfpp/dv/f2OtyEox0GTeA19Z/J6IW1Gz/thYCKKIxLWz:38pevfvGvmxhD2wyzTeej/Zz/pNLv
Score

1^/10
behavioral23
- Target
  
  XWorm V5.2/Plugins/UACBypass.dll
- Size
  
  10KB
- MD5
  
  2bb895a2756541eea6da91beb2fde3e9
- SHA1
  
  da43a05730311acb92c0b2dab8542672394531cb
- SHA256
  
  145e3437ffc5c875d16d3a14921c81b58f84d86123ae9ec23c3dd69a00c94377
- SHA512
  
  cc80cf2a52fbb9563aa980df9ccf922ed303b286844e138b95cbb2b0417a3ae26f03dd0a578bdefed223ff77e97c4b2b00da363691e26ff7eed228e35194f91f
- SSDEEP
  
  192:Vcq0WYKDFxDviOGOko8bZfmgyOYkIW1UZ/Xvjljw2sZgiSL20V:VntNFxOrE8bLyOYBZ/XTsZgU0V
Score

1^/10
behavioral24
- Target
  
  XWorm V5.2/Plugins/VB.NET Compiler.dll
- Size
  
  15KB
- MD5
  
  e5799a4f4549c6cbde983435ac8f26ff
- SHA1
  
  0c1632f4e492a1aefda27681e4a0abda60e47521
- SHA256
  
  8eb7c894f300b125022b468b9ee2cd1333b6658ecfb73c9af82de847a648b54e
- SHA512
  
  2ffb7bd4e30fdcd823d62532fa311d1aaea181a8af4984b811f75767ea8d1419ec6738b6b45a03f76a720a8402cc762f6b48e5ad862fbd17af0254c8a0a9be2f
- SSDEEP
  
  192:4/kjd8kwyGQ0ODx80RqKkI2a255TCOCeJyxlTer1c9gotlF6IW1oXxvKBecGSLWO:Ld8kaOD1RGmOCfeyTe5agIXxvbcYO
Score

1^/10
behavioral25
- Target
  
  XWorm V5.2/Plugins/WSound.dll
- Size
  
  539KB
- MD5
  
  4bea05a0f2dd1209ae0142ab85ec376d
- SHA1
  
  44c417d41cc57e74ee30753e6583b061a00cbd3e
- SHA256
  
  f6b78afdc14a3c9cc6a54a54b8bef95631e59b47a712ffe2bc416f5f223d329b
- SHA512
  
  8ff1a47dd8dad4f8a1c1a1fe17623e47d7c90d57684bbbb22d2ebd456002ee5e6b549978750f7940f5b787da20079930b9980ea36e490804f79729265f7e18b1
- SSDEEP
  
  12288:88AUWhPjkySWFTF75Z/u9dhCkx6bgyn6skW58IIJg9Zmriceu5:7s5FTF76Crbgy6skW584Zmr0u
Score

1^/10
behavioral26
- Target
  
  XWorm V5.2/Plugins/WebCam.dll
- Size
  
  209KB
- MD5
  
  0f120604ef985616821459e5ff2feccd
- SHA1
  
  100bceb7d6c01b574b7089e999bc05ab3fc0847d
- SHA256
  
  a07f0452fc4b47b53ec48d6c790aa4407aee15ec67320c506ba674a1dae551ef
- SHA512
  
  d4127d42d61a93e5e02d2e68ca21c91c5ad47e4149e0eecc9902f1daf69a9f52499c16e42bb51993289f5afb7f6f73b76a0d7c4631e8a998aa6c731053385806
- SSDEEP
  
  3072:NPjWR/jKGR5BfF/g50PBgakLA3LC2FY+EdzYZHAx+dqRN51hdJFxtZV9l5hhJxZM:N7+22fFcgBgakL320zYZHpMXM/yW
Score

1^/10
behavioral27
- Target
  
  XWorm V5.2/RVGLib.dll
- Size
  
  241KB
- MD5
  
  d34c13128c6c7c93af2000a45196df81
- SHA1
  
  664c821c9d2ed234aea31d8b4f17d987e4b386f1
- SHA256
  
  aaf9fb0158bd40ab562a4212c2a795cb40ef6864042dc12f3a2415f2446ba1c7
- SHA512
  
  91f4e0e795f359b03595b01cbf29188a2a0b52ab9d64eadd8fb8b3508e417b8c7a70be439940975bf5bdf26493ea161aa45025beb83bc95076ed269e82d39689
- SSDEEP
  
  6144:4vJ05NPsvienBaRWxomAElbgu6Cqe2ZBePW9J:4u6iABa+iu32ne
Score

1^/10
behavioral28
- Target
  
  XWorm V5.2/SimpleObfuscator.dll
- Size
  
  1.4MB
- MD5
  
  9043d712208178c33ba8e942834ce457
- SHA1
  
  e0fa5c730bf127a33348f5d2a5673260ae3719d1
- SHA256
  
  b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c
- SHA512
  
  dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65
- SSDEEP
  
  24576:FDy7cKOfkiRrXP5WtJvW1mpjSWr7uoZme1V86:+8/AtJes1LJ
Score

1^/10
behavioral29
- Target
  
  XWorm V5.2/XWorm V5.2.exe
- Size
  
  12.2MB
- MD5
  
  8b7b015c1ea809f5c6ade7269bdc5610
- SHA1
  
  c67d5d83ca18731d17f79529cfdb3d3dcad36b96
- SHA256
  
  7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
- SHA512
  
  e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180
- SSDEEP
  
  196608:pcWPW6SJ5POYAa23tuQUj7prczC9YNu+/ChWbPP91SDwDrZhd:pce0JtOSSLU3prczy0uqkaIkDtn
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral30
- Target
  
  XWorm V5.2/XWormLoader 5.2 x32.exe
- Size
  
  109KB
- MD5
  
  f3b2ec58b71ba6793adcc2729e2140b1
- SHA1
  
  d9e93a33ac617afe326421df4f05882a61e0a4f2
- SHA256
  
  2d74eb709aea89a181cf8dfcc7e551978889f0d875401a2f1140487407bf18ae
- SHA512
  
  473edcaba9cb8044e28e30fc502a08a648359b3ed0deba85e559fe76b484fc8db0fc2375f746851623e30be33da035cec1d6038e1fcf4842a2afb6f9cd397495
- SSDEEP
  
  1536:5vjAnXqn2nY7WfRMgPQQrMoqmyVttdGFQeOPigx:5LCan2nY7sdQQAoqmyBeu
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31
- Target
  
  XWorm V5.2/XWormLoader 5.2 x64.exe
- Size
  
  109KB
- MD5
  
  e6a20535b636d6402164a8e2d871ef6d
- SHA1
  
  981cb1fd9361ca58f8985104e00132d1836a8736
- SHA256
  
  b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
- SHA512
  
  35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30
- SSDEEP
  
  1536:TYogSlNwXosKwOYtV1AS9m3xQyVGNNiLkWNF7XxFqmyVttdGFQeOPigx:TvgSlqGS9m3xQyKNbWNV3qmyBeu
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

AgentTesla payload

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32