agenttesla | bbd19b42209127ad2b015d76f6fc37e35f2c4d751b1b4847a92fd218dd0caf1c | Triage

Submit
Reports

Overview

overview

Static

static

XWorm V5.2....2.exe

windows7-x64

XWorm V5.2....2.exe

windows10-2004-x64

XWorm V5.2...32.exe

windows7-x64

1

XWorm V5.2...32.exe

windows10-2004-x64

XWorm V5.2...64.exe

windows7-x64

1

XWorm V5.2...64.exe

windows10-2004-x64

Sharing

General

Target

XWorm V5.2.zip
Size

36.0MB
Sample

240528-3sd1eaae48
MD5

d6757d3dbf1a98508f5cc3715df07e64
SHA1

bb5d6cb95edf409792cb59e99faa8d977d6404ec
SHA256

bbd19b42209127ad2b015d76f6fc37e35f2c4d751b1b4847a92fd218dd0caf1c
SHA512

34b9ebb5ca64824419c10d30727fac4660160e55cd793bf66470310ec6d2c4e74c3375f54da062032fa2ca3a38866d6a9f212f4b0911733dda56cd2ca012b5d6
SSDEEP

786432:JpMDUYoUO13WMuw2yCqwU0dDL5i4jYC7bsTsVsjGkkFsi5m557vHWa2gPBri:zfYLO1x2Cwhdf0ffTLjrpIot2a7W

Score

10^/10

agenttesla stormkitty agilenet keylogger pdf spyware stealer trojan

Static task

static1

pdf agilenet agenttesla stormkitty

8 signatures

Behavioral task

behavioral1

Sample

XWorm V5.2/XWorm V5.2.exe

Resource

win7-20240508-en

agenttesla agilenet keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

XWorm V5.2/XWorm V5.2.exe

Resource

win10v2004-20240226-en

agenttesla agilenet keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

XWorm V5.2/XWormLoader 5.2 x32.exe

Resource

win7-20240221-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

XWorm V5.2/XWormLoader 5.2 x32.exe

Resource

win10v2004-20240426-en

agenttesla agilenet keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral5

Sample

XWorm V5.2/XWormLoader 5.2 x64.exe

Resource

win7-20240221-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral6

Sample

XWorm V5.2/XWormLoader 5.2 x64.exe

Resource

win10v2004-20240426-en

agenttesla agilenet keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  XWorm V5.2/XWorm V5.2.exe
- Size
  
  12.2MB
- MD5
  
  8b7b015c1ea809f5c6ade7269bdc5610
- SHA1
  
  c67d5d83ca18731d17f79529cfdb3d3dcad36b96
- SHA256
  
  7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
- SHA512
  
  e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180
- SSDEEP
  
  196608:pcWPW6SJ5POYAa23tuQUj7prczC9YNu+/ChWbPP91SDwDrZhd:pce0JtOSSLU3prczy0uqkaIkDtn
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1 behavioral2
- Target
  
  XWorm V5.2/XWormLoader 5.2 x32.exe
- Size
  
  109KB
- MD5
  
  f3b2ec58b71ba6793adcc2729e2140b1
- SHA1
  
  d9e93a33ac617afe326421df4f05882a61e0a4f2
- SHA256
  
  2d74eb709aea89a181cf8dfcc7e551978889f0d875401a2f1140487407bf18ae
- SHA512
  
  473edcaba9cb8044e28e30fc502a08a648359b3ed0deba85e559fe76b484fc8db0fc2375f746851623e30be33da035cec1d6038e1fcf4842a2afb6f9cd397495
- SSDEEP
  
  1536:5vjAnXqn2nY7WfRMgPQQrMoqmyVttdGFQeOPigx:5LCan2nY7sdQQAoqmyBeu
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral3 behavioral4
- Target
  
  XWorm V5.2/XWormLoader 5.2 x64.exe
- Size
  
  109KB
- MD5
  
  e6a20535b636d6402164a8e2d871ef6d
- SHA1
  
  981cb1fd9361ca58f8985104e00132d1836a8736
- SHA256
  
  b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
- SHA512
  
  35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30
- SSDEEP
  
  1536:TYogSlNwXosKwOYtV1AS9m3xQyVGNNiLkWNF7XxFqmyVttdGFQeOPigx:TvgSlqGS9m3xQyKNbWNV3qmyBeu
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pdfagilenetagentteslastormkitty

behavioral1

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral2

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral3

behavioral4

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral5

behavioral6

agentteslaagilenetkeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy