General
-
Target
XWorm V5.2.exe
-
Size
33.3MB
-
Sample
240527-2ca35sdc93
-
MD5
1c2cd073a230901a06156aaa52937873
-
SHA1
93230345a666090adbb49316a0e77d8f97c4f5f1
-
SHA256
44437ef0c2d0c343704559ffdad6ca996abd284b3f6fb1e87497febb5b29fffc
-
SHA512
d5e0cc9d5bca2318104b531ed9fed9dce7c0a96758b697273909b30d8ff7849a02de767a20ddbac993e653a2f8ef56769664f6841957c2884f5bb07695da85c8
-
SSDEEP
786432:ffvzciPWoAfmxXowcP/2WKq/kqrsDGY3B0AE//3loS:/zce6xjsqrsDnGlb
Static task
static1
Malware Config
Targets
-
-
Target
XWorm V5.2.exe
-
Size
33.3MB
-
MD5
1c2cd073a230901a06156aaa52937873
-
SHA1
93230345a666090adbb49316a0e77d8f97c4f5f1
-
SHA256
44437ef0c2d0c343704559ffdad6ca996abd284b3f6fb1e87497febb5b29fffc
-
SHA512
d5e0cc9d5bca2318104b531ed9fed9dce7c0a96758b697273909b30d8ff7849a02de767a20ddbac993e653a2f8ef56769664f6841957c2884f5bb07695da85c8
-
SSDEEP
786432:ffvzciPWoAfmxXowcP/2WKq/kqrsDGY3B0AE//3loS:/zce6xjsqrsDnGlb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-