agenttesla | 05fada2e6713448dbbe9d21ebb526de06dc06e7c330288f571e929cd6f6e7e6c | Triage

Submit
Reports

Overview

overview

Static

static

XWorm V5.2.rar

windows7-x64

3

XWorm V5.2.rar

windows10-2004-x64

3

XWorm V5.2...64.exe

windows7-x64

1

XWorm V5.2...64.exe

windows10-2004-x64

Resubmissions

10-05-2024 13:21

240510-ql5hkagf71 10

10-05-2024 13:17

240510-qjnr2age5w 10

Sharing

General

Target

XWorm V5.2.rar
Size

30.2MB
Sample

240510-ql5hkagf71
MD5

d1361d634eb85c119f2b5693d03bd7da
SHA1

456084e4c3802c9da4bcdeb3961ccd00ff19fd56
SHA256

05fada2e6713448dbbe9d21ebb526de06dc06e7c330288f571e929cd6f6e7e6c
SHA512

a195ac5e4092925e05c52034fb33e0819b75ad62354b9f572d3791a26f38f18933d7973bfe8320466aa730ad61add9312d7e52c61947a16e77a7d79102518ac4
SSDEEP

786432:5F9EGIwBLu2TlKnqgLk72OJnUb3gBG+m/v/BPWZ2HVE:5bEGdBLVUndyq0BaBY2HVE

Score

10^/10

agenttesla stormkitty agilenet keylogger spyware stealer trojan

Static task

static1

agilenet agenttesla stormkitty

7 signatures

Behavioral task

behavioral1

Sample

XWorm V5.2.rar

Resource

win7-20240221-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

XWorm V5.2.rar

Resource

win10v2004-20240508-en

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

XWorm V5.2/XWormLoader 5.2 x64.exe

Resource

win7-20240508-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

XWorm V5.2/XWormLoader 5.2 x64.exe

Resource

win10v2004-20240426-en

agenttesla agilenet keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  XWorm V5.2.rar
- Size
  
  30.2MB
- MD5
  
  d1361d634eb85c119f2b5693d03bd7da
- SHA1
  
  456084e4c3802c9da4bcdeb3961ccd00ff19fd56
- SHA256
  
  05fada2e6713448dbbe9d21ebb526de06dc06e7c330288f571e929cd6f6e7e6c
- SHA512
  
  a195ac5e4092925e05c52034fb33e0819b75ad62354b9f572d3791a26f38f18933d7973bfe8320466aa730ad61add9312d7e52c61947a16e77a7d79102518ac4
- SSDEEP
  
  786432:5F9EGIwBLu2TlKnqgLk72OJnUb3gBG+m/v/BPWZ2HVE:5bEGdBLVUndyq0BaBY2HVE
Score

3^/10
behavioral1 behavioral2
- Target
  
  XWorm V5.2/XWormLoader 5.2 x64.exe
- Size
  
  109KB
- MD5
  
  e6a20535b636d6402164a8e2d871ef6d
- SHA1
  
  981cb1fd9361ca58f8985104e00132d1836a8736
- SHA256
  
  b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
- SHA512
  
  35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30
- SSDEEP
  
  1536:TYogSlNwXosKwOYtV1AS9m3xQyVGNNiLkWNF7XxFqmyVttdGFQeOPigx:TvgSlqGS9m3xQyKNbWNV3qmyBeu
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

agilenetagentteslastormkitty

behavioral1

behavioral2

behavioral3

behavioral4

agentteslaagilenetkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy