General
Target: e.zip
Size: 24.5MB
Sample: 240608-3rwttsac41
MD5: 993928e40c5648d0f9c9697405496ffc
SHA1: ba16b05d00eb5e3927ee402daf8e78beca6fcc33
SHA256: cc726e4c6bf344979a92dcbea4aa7c35df7462c6bee507cb901db50bfb798061
SHA512: 49dfdb98f3adb0fc2d9ef8c1355e7bc41e0b3a09ec1948cc7dc7baaae7c66ffe98ede4a802868514cde6bc3db46872feb035bef012088e5190274e2e141cdb1c
SSDEEP: 786432:kpsX23QgeyHB4/csV/gU9eKC3jJREHm/1bN1UQNu:1X23Qghh40SgU9K+G/1p1f4
Behavioral task: behavioral1
Sample: XWorm V5.3 @BlackHatArchive/XWorm V5.3 @BlackHatArchive/XWorm V5.3.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: XWorm V5.3 @BlackHatArchive/XWorm V5.3 @BlackHatArchive/XWorm V5.3.exe
Size: 13.8MB
MD5: 897201dc6254281404ab74aa27790a71
SHA1: 9409ddf7e72b7869f4d689c88f9bbc1bc241a56e
SHA256: f41828bd13a3a85fdf7a1d688b21ce33d2015c3c5f46b4d92ab6ea8ea019e03a
SHA512: 2673cd7b927ffc22f3a4b4fbfcb1b4f576c416d67168e486e6d79fdd132129c9e244e36d7b7883a4a1ed51e993cc4384bf24f2fa3129584f2bd43fd16042de20
SSDEEP: 98304:rtktdI2TeowYNva0P6olJ93ipte/Giw56/gpeejzhAAsnQqHKrzzIRwG4saY6c2n:rGt3JwVFcV/Gp7jiwzYwENy3W
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla payload

Loads dropped DLL

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.