General
-
Target
XWorm V5.2.rar
-
Size
30.8MB
-
Sample
240516-p1dsqadg88
-
MD5
fedb5514599b1b6b2583d2d02f67b18d
-
SHA1
30bf61c43970f8f60e8770f649ab9a406020ac18
-
SHA256
fa4e6545f776160094004f3bfc1c9e199ec43e22870b1674b48ecc9a80ec71fb
-
SHA512
3bae5883c01222d537dde94cf4a8aedf86023349be2c742f7e6aa78e9faafc10dcd596968773e8287a58051d7696c2024aedd6704f11a3a1fc2c5fdbf17861f7
-
SSDEEP
786432:+yMMBOS745XHHdXOXZCJxMJW18F3JhLDj55I7cTFXPz:dBzEtn0QJ2g12Jhnt9Zb
Behavioral task
behavioral1
Sample
XWorm V5.2.rar
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
XWorm V5.2.rar
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
XWorm V5.2.rar
-
Size
30.8MB
-
MD5
fedb5514599b1b6b2583d2d02f67b18d
-
SHA1
30bf61c43970f8f60e8770f649ab9a406020ac18
-
SHA256
fa4e6545f776160094004f3bfc1c9e199ec43e22870b1674b48ecc9a80ec71fb
-
SHA512
3bae5883c01222d537dde94cf4a8aedf86023349be2c742f7e6aa78e9faafc10dcd596968773e8287a58051d7696c2024aedd6704f11a3a1fc2c5fdbf17861f7
-
SSDEEP
786432:+yMMBOS745XHHdXOXZCJxMJW18F3JhLDj55I7cTFXPz:dBzEtn0QJ2g12Jhnt9Zb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-