General
Target: XWorm V5.2.rar
Size: 30.2MB
Sample: 240510-ql5hkagf71
MD5: d1361d634eb85c119f2b5693d03bd7da
SHA1: 456084e4c3802c9da4bcdeb3961ccd00ff19fd56
SHA256: 05fada2e6713448dbbe9d21ebb526de06dc06e7c330288f571e929cd6f6e7e6c
SHA512: a195ac5e4092925e05c52034fb33e0819b75ad62354b9f572d3791a26f38f18933d7973bfe8320466aa730ad61add9312d7e52c61947a16e77a7d79102518ac4
SSDEEP: 786432:5F9EGIwBLu2TlKnqgLk72OJnUb3gBG+m/v/BPWZ2HVE:5bEGdBLVUndyq0BaBY2HVE

Behavioral task: behavioral1
Sample: XWorm V5.2.rar
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: XWorm V5.2.rar
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: XWorm V5.2/XWormLoader 5.2 x64.exe
Resource: win7-20240508-en

Malware Config

Targets

Target: XWorm V5.2.rar
Size: 30.2MB
Score: 3/10

Target: XWorm V5.2/XWormLoader 5.2 x64.exe
Size: 109KB
MD5: e6a20535b636d6402164a8e2d871ef6d
SHA1: 981cb1fd9361ca58f8985104e00132d1836a8736
SHA256: b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
SHA512: 35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30
SSDEEP: 1536:TYogSlNwXosKwOYtV1AS9m3xQyVGNNiLkWNF7XxFqmyVttdGFQeOPigx:TvgSlqGS9m3xQyKNbWNV3qmyBeu
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.