agenttesla | 781466da68612656e87f1c5027d3c6044ad16b5e73aa3f733e7778c053c6b68e | Triage

Submit
Reports

Overview

overview

Static

static

XWorm V5.2.exe

windows7-x64

XWorm V5.2.exe

windows10-2004-x64

XWormLoade...32.exe

windows7-x64

1

XWormLoade...32.exe

windows10-2004-x64

XWormLoade...64.exe

windows7-x64

1

XWormLoade...64.exe

windows10-2004-x64

Sharing

General

Target

XWorm V5.2.gdsiuhsdfgjkhdfsgfghjidsgdfsuih
Size

30.2MB
Sample

240717-l5aebayfpe
MD5

83a7c690a686f54e475ca76d1fa67156
SHA1

2dcd2eede9a94860638acf47abfafe42276ac653
SHA256

781466da68612656e87f1c5027d3c6044ad16b5e73aa3f733e7778c053c6b68e
SHA512

034e3fd458919a7c08e7585fff47719b645847c998ffbc5eecacbeef60f6fccd650a5e84be92d37c2c99c144aae688bfaf0af9cc27c63f4c30846f44d3fe5210
SSDEEP

786432:SqTmUlBS5rGP8jzSa6O36/9g/pNzOI2zo9oPbUYUJtbKEnwO:JmUlBqrM8jBB6/QfEMoTlUvbKEwO

Score

10^/10

agenttesla stormkitty xworm agilenet keylogger spyware stealer trojan

Static task

static1

agilenet agenttesla stormkitty xworm

9 signatures

Behavioral task

behavioral1

Sample

XWorm V5.2.exe

Resource

win7-20240708-en

agenttesla agilenet keylogger spyware stealer trojan

windows7-x64

7 signatures

60 seconds

Behavioral task

behavioral2

Sample

XWorm V5.2.exe

Resource

win10v2004-20240709-en

agenttesla agilenet keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

60 seconds

Behavioral task

behavioral3

Sample

XWormLoader 5.2 x32.exe

Resource

win7-20240708-en

windows7-x64

4 signatures

60 seconds

Behavioral task

behavioral4

Sample

XWormLoader 5.2 x32.exe

Resource

win10v2004-20240709-en

agenttesla agilenet keylogger spyware stealer trojan

windows10-2004-x64

10 signatures

60 seconds

Behavioral task

behavioral5

Sample

XWormLoader 5.2 x64.exe

Resource

win7-20240704-en

windows7-x64

4 signatures

60 seconds

Behavioral task

behavioral6

Sample

XWormLoader 5.2 x64.exe

Resource

win10v2004-20240709-en

agenttesla agilenet keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

60 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

copyright-minority.gl.at.ply.gg:4568

Mutex

FyjXt4o9DH3Aahsl

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XWorm V5.2.exe
- Size
  
  12.2MB
- MD5
  
  8b7b015c1ea809f5c6ade7269bdc5610
- SHA1
  
  c67d5d83ca18731d17f79529cfdb3d3dcad36b96
- SHA256
  
  7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e
- SHA512
  
  e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180
- SSDEEP
  
  196608:pcWPW6SJ5POYAa23tuQUj7prczC9YNu+/ChWbPP91SDwDrZhd:pce0JtOSSLU3prczy0uqkaIkDtn
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1 behavioral2
- Target
  
  XWormLoader 5.2 x32.exe
- Size
  
  109KB
- MD5
  
  f3b2ec58b71ba6793adcc2729e2140b1
- SHA1
  
  d9e93a33ac617afe326421df4f05882a61e0a4f2
- SHA256
  
  2d74eb709aea89a181cf8dfcc7e551978889f0d875401a2f1140487407bf18ae
- SHA512
  
  473edcaba9cb8044e28e30fc502a08a648359b3ed0deba85e559fe76b484fc8db0fc2375f746851623e30be33da035cec1d6038e1fcf4842a2afb6f9cd397495
- SSDEEP
  
  1536:5vjAnXqn2nY7WfRMgPQQrMoqmyVttdGFQeOPigx:5LCan2nY7sdQQAoqmyBeu
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral3 behavioral4
- Target
  
  XWormLoader 5.2 x64.exe
- Size
  
  109KB
- MD5
  
  e6a20535b636d6402164a8e2d871ef6d
- SHA1
  
  981cb1fd9361ca58f8985104e00132d1836a8736
- SHA256
  
  b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2
- SHA512
  
  35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30
- SSDEEP
  
  1536:TYogSlNwXosKwOYtV1AS9m3xQyVGNNiLkWNF7XxFqmyVttdGFQeOPigx:TvgSlqGS9m3xQyKNbWNV3qmyBeu
Score

10^/10

agenttesla agilenet keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

agilenetagentteslastormkittyxworm

behavioral1

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral2

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral3

behavioral4

agentteslaagilenetkeyloggerspywarestealertrojan

behavioral5

behavioral6

agentteslaagilenetkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy