General
-
Target
XWorm_V5.3.zip.html
-
Size
18KB
-
Sample
240721-tsm4msxcqp
-
MD5
8fbd8e11b3add23e26570e9c7dc51482
-
SHA1
dff6469f9381114036758c9c545311af85ece7a8
-
SHA256
c2d70973015cd682314a48fe1271dbb363b195a0b811a20972dbced001f2e0b5
-
SHA512
7e6398bb353118e9776835dde6cdb1a6e68235be70333311d68dfcd18a4d1830f30ac3eafb3ddb4cbac52c6586784c24a934582993ba7ab19ce0af3eea882008
-
SSDEEP
384:eQJylIn7xpYwuu504YHeHYSDRzhU3E8+UUKIz40qoss5u3MJ:eQJCIn7XY20t0DRzh4E8+UUKIz40qosK
Static task
static1
Malware Config
Targets
-
-
Target
XWorm_V5.3.zip.html
-
Size
18KB
-
MD5
8fbd8e11b3add23e26570e9c7dc51482
-
SHA1
dff6469f9381114036758c9c545311af85ece7a8
-
SHA256
c2d70973015cd682314a48fe1271dbb363b195a0b811a20972dbced001f2e0b5
-
SHA512
7e6398bb353118e9776835dde6cdb1a6e68235be70333311d68dfcd18a4d1830f30ac3eafb3ddb4cbac52c6586784c24a934582993ba7ab19ce0af3eea882008
-
SSDEEP
384:eQJylIn7xpYwuu504YHeHYSDRzhU3E8+UUKIz40qoss5u3MJ:eQJCIn7XY20t0DRzh4E8+UUKIz40qosK
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-