agenttesla | dfa96309720dabaf4b8692c933f8668f1b68b1353eee8155c95b53f220f84f1f | Triage

Submit
Reports

Overview

overview

Static

static

1

XWorm V5.2.rar

windows11-21h2-x64

Sharing

General

Target

XWorm V5.2.rar
Size

32.0MB
Sample

240613-v5hkcs1enn
MD5

8d26d94be20c6a70a6f8c41c17862e1e
SHA1

50f03ae7510468718494d85ad5531a48ff754dae
SHA256

dfa96309720dabaf4b8692c933f8668f1b68b1353eee8155c95b53f220f84f1f
SHA512

7015aa88c7f959f35a7c1a55ffa51ac78f7e493d07d34a6f54a82a39aa7bd8630d042e48ab5deef51f2d2f00e04d9810939c53db03e3615e050df60ceab418a5
SSDEEP

786432:dHKkxGXsX+VjF41/4HpALo/njj4Y/c8WKgF10dcd:5KkkVjW1gJAM/421WQk

Score

10^/10

agenttesla xworm agilenet keylogger rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

XWorm V5.2.rar

Resource

win11-20240419-en

agenttesla xworm agilenet keylogger rat spyware stealer trojan

windows11-21h2-x64

19 signatures

1200 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

yuLEWnvuwKfOkzcd

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XWorm V5.2.rar
- Size
  
  32.0MB
- MD5
  
  8d26d94be20c6a70a6f8c41c17862e1e
- SHA1
  
  50f03ae7510468718494d85ad5531a48ff754dae
- SHA256
  
  dfa96309720dabaf4b8692c933f8668f1b68b1353eee8155c95b53f220f84f1f
- SHA512
  
  7015aa88c7f959f35a7c1a55ffa51ac78f7e493d07d34a6f54a82a39aa7bd8630d042e48ab5deef51f2d2f00e04d9810939c53db03e3615e050df60ceab418a5
- SSDEEP
  
  786432:dHKkxGXsX+VjF41/4HpALo/njj4Y/c8WKgF10dcd:5KkkVjW1gJAM/421WQk
Score

10^/10

agenttesla xworm agilenet keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- AgentTesla payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agentteslaxwormagilenetkeyloggerratspywarestealertrojan

© 2018-2025

Terms | Privacy