General

  • Target

    taura.rar

  • Size

    31.0MB

  • Sample

    240613-28yjbavcqd

  • MD5

    fdb465fdc23ee7e457902c509589483c

  • SHA1

    44aad02b569097e778c5ee11fda9ddd9a3d7d514

  • SHA256

    29166732b0ddb6de8368759351e67cb5f42bc8de4fb729e77a5072e77eba5e74

  • SHA512

    2db0b8badd8fa86c0157969664429c214e679f1e7ef3ad21b487e0f9f0fa3f2a03641d2fd168e05d2fe8b579ebe3bc81b3f151d222815604800c440a9ebafe44

  • SSDEEP

    786432:2yZx3IKC5EuVCp3K7ipeEJfi2IjpaPd/tcifA5ILZQ:7x3SJVCprrfi3j+d/2Rb

Malware Config

Targets

    • Target

      XWorm.V5.3.Optimized.Bin/XWorm V5.3 Optimized Bin/XWormLoader 5.2 x64.exe

    • Size

      109KB

    • MD5

      e6a20535b636d6402164a8e2d871ef6d

    • SHA1

      981cb1fd9361ca58f8985104e00132d1836a8736

    • SHA256

      b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2

    • SHA512

      35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30

    • SSDEEP

      1536:TYogSlNwXosKwOYtV1AS9m3xQyVGNNiLkWNF7XxFqmyVttdGFQeOPigx:TvgSlqGS9m3xQyKNbWNV3qmyBeu

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

MITRE ATT&CK Enterprise v15

Tasks