General
Target: m16XClientn.bat
Size: 60KB
Sample: 240524-wcq7gaeb45
MD5: 322ea0b2359b53869e96a92ce89f0d9e
SHA1: c175334e858e2e6761202e7546201b26faefb911
SHA256: 9eb06cfb9cd881338d93b6e2cad6e6a4bd823c44d0128a047e85fa14f278e76c
SHA512: 080bb6189372bf55e533923a8f7cad393ecaccccff23ce578efe7104cc76779320faa43aa6b27fc43e63e0ea15f246ff38fccc91b5ebe6c5d4476daabde38c8f
SSDEEP: 1536:qHRDZwBvoIeYCOoeK9PlcXmmHaoifEJ0SzAw:qHRDZwRN0cXGcJ0xw
Static task: static1
Behavioral task: behavioral1
Sample: m16XClientn.bat
Resource: win7-20240508-en

Malware Config
Extracted: xworm
  3.1
  134.255.233.93:7000
  OXTS79ak3lwQUaDQ
  install_file: USB.exe
Extracted: agenttesla
  https://api.telegram.org/bot6840755276:AAHEhHpmlrUuXaIUnKpuniBmO-DaNx3tnLo/
Targets
Target: m16XClientn.bat
Size: 60KB
MD5: 322ea0b2359b53869e96a92ce89f0d9e
SHA1: c175334e858e2e6761202e7546201b26faefb911
SHA256: 9eb06cfb9cd881338d93b6e2cad6e6a4bd823c44d0128a047e85fa14f278e76c
SHA512: 080bb6189372bf55e533923a8f7cad393ecaccccff23ce578efe7104cc76779320faa43aa6b27fc43e63e0ea15f246ff38fccc91b5ebe6c5d4476daabde38c8f
SSDEEP: 1536:qHRDZwBvoIeYCOoeK9PlcXmmHaoifEJ0SzAw:qHRDZwRN0cXGcJ0xw
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect Xworm Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.