agenttesla

General

Target

armdot deobf(1).zip
Size

1.0MB
Sample

240909-xxpd2svejj
MD5

f2d19f24bd8985be493a25117b21c73d
SHA1

6e8161c1616f26899d1b4eb8b0084365c5e9363a
SHA256

8edfb7ccc0bfe7beb2861ccaa3680f2bb8964f710d379630d3802c1daf94d46d
SHA512

aeaeffed338f5a20c2846b0a2c53a1e3295e617605c3c8b10c1b4cd3e1cb41eeb431c9ee7e2d47f5127495c92fcdfb2823f8ad3ca218dff82784b385a2b81ea4
SSDEEP

24576:GlTwDsF0FIghxbbYzB3HF6sqiLUVU/hI8WHT6Y96:lDsF1ghxbMzD6sqiLUVPHT6Y96

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:58347

continue-silk.gl.at.ply.gg:58347

Mutex

KMhtquBvrnZVYr5C

Attributes

Install_directory
%LocalAppData%
install_file
svchost.exe

aes.plain

Targets

- Target
  
  skibidi armdot/Armdot Deobfuscator.exe
- Size
  
  275KB
- MD5
  
  c4a8904f29c5672da081a5330718d414
- SHA1
  
  3ad3cd5a5282f972ffabb32ccf4e1e48046cf115
- SHA256
  
  fe3d17a9089e89239bf3249f4d5ad077ca8e5d51bbff4598653681e621967cd8
- SHA512
  
  62ff900942e4637b458cd12f830a9dfde08a4aa47052e4521d8357ad8c38b44c5dee9156b78980a13fd28a1b95c239c26933ec484eff24c098517900ec3d5698
- SSDEEP
  
  6144:49viKRu0lfe2udI3UflLdGCh+gDt39/PyMrMycwljWXCw:4huQREf9d5b3B1rMejW
Score

10^/10

agenttesla xworm discovery execution keylogger rat spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- AgentTesla payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  skibidi armdot/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral2