General

  • Target

    e.zip

  • Size

    24.5MB

  • Sample

    240608-3rwttsac41

  • MD5

    993928e40c5648d0f9c9697405496ffc

  • SHA1

    ba16b05d00eb5e3927ee402daf8e78beca6fcc33

  • SHA256

    cc726e4c6bf344979a92dcbea4aa7c35df7462c6bee507cb901db50bfb798061

  • SHA512

    49dfdb98f3adb0fc2d9ef8c1355e7bc41e0b3a09ec1948cc7dc7baaae7c66ffe98ede4a802868514cde6bc3db46872feb035bef012088e5190274e2e141cdb1c

  • SSDEEP

    786432:kpsX23QgeyHB4/csV/gU9eKC3jJREHm/1bN1UQNu:1X23Qghh40SgU9K+G/1p1f4

Malware Config

Targets

    • Target

      XWorm V5.3 @BlackHatArchive/XWorm V5.3 @BlackHatArchive/XWorm V5.3.exe

    • Size

      13.8MB

    • MD5

      897201dc6254281404ab74aa27790a71

    • SHA1

      9409ddf7e72b7869f4d689c88f9bbc1bc241a56e

    • SHA256

      f41828bd13a3a85fdf7a1d688b21ce33d2015c3c5f46b4d92ab6ea8ea019e03a

    • SHA512

      2673cd7b927ffc22f3a4b4fbfcb1b4f576c416d67168e486e6d79fdd132129c9e244e36d7b7883a4a1ed51e993cc4384bf24f2fa3129584f2bd43fd16042de20

    • SSDEEP

      98304:rtktdI2TeowYNva0P6olJ93ipte/Giw56/gpeejzhAAsnQqHKrzzIRwG4saY6c2n:rGt3JwVFcV/Gp7jiwzYwENy3W

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Enterprise v15

Tasks