agenttesla | 5ea4ab6ffadcecabc1c05b477d45572c9ad84505cd7500f280801f302cb7fc3b

Sharing

Copy URL

Twitter E-mail

General

Target

Dice roll advanced cheat.zip
Size

24.6MB
Sample

240914-tgsvrasgqb
MD5

864bc2212eddc643e4c6c0283ce8840d
SHA1

801bb70c76ea2d8be6a64c64a97982959ee29c6b
SHA256

5ea4ab6ffadcecabc1c05b477d45572c9ad84505cd7500f280801f302cb7fc3b
SHA512

61341d7a336d9c9dbb292aee7f4d572ce384f8764d09bdc3d9adec8db14fcb3b5d2f4637a361dbdd3e1346df45cf8ff8f16330aa2e90a4f18584586a39c1c63a
SSDEEP

393216:jDKcYbhIR60RN3JNEa//Ev8955EkyzMYtpcg2ur7CaIxRGUL6Q5o7WrqX/kysK83:q6RHtJNE525y1o4pcgje7VvqPkZt3

Score

10^/10

Malware Config

Extracted

Family

xworm

distribution-between.gl.at.ply.gg:39183

Attributes

Install_directory
%ProgramData%
install_file
Helper.exe

Targets

- Target
  
  Dice roll advanced cheat/Dice roll advanced cheat/Dice roll advanced cheat/AutoUpdater.dll
- Size
  
  368KB
- MD5
  
  c4b11c003ed1e394597f6a5201826a59
- SHA1
  
  8de5d19d0d1638f24718bf87c3245cef74f48341
- SHA256
  
  1a717c40ff7f60c18953b46a69a8fc47cce7dad6116cd3715deb2abf0d80722d
- SHA512
  
  ee93a9bd9f77284af5fe0b4d1ef96fbb0ded00aeb045cae380bfc01be45c76d9d0a481f1d4a6f206124603b99c23a8b6054dcdc65e7e5913373b1739e1b310b1
- SSDEEP
  
  6144:7aU0XFbDW0+JDzXNj8QrGchz6q7V7u85:7aU0XCJDbdnrGyT1
Score

1^/10
behavioral1
- Target
  
  Dice roll advanced cheat/Dice roll advanced cheat/Dice roll advanced cheat/Dice Roll CheatV2.exe
- Size
  
  23.3MB
- MD5
  
  99197c50cf777691f85ff76130c29186
- SHA1
  
  885a312fee977b740c1100e2091444695da7d58d
- SHA256
  
  e63b97535e194d90756cc01a322550d4fa41a76117799a798ea0a78c6dd940bd
- SHA512
  
  cbfd7080ddc2fd6094d0882da1e9e94c439b9fba6cf7935e45410979c24ebbab372f02e4665b226f829d1a2300965d1278957a2f24d997969f8db37e8091522f
- SSDEEP
  
  393216:9XlObdJ4zYDHwWk5FqBJF/hGn7RcPR5jHnxtSKzfZgvTbbBUcfs7GOa:1lIIYDdKFqBFGuPHTxcKzfATbbBf
Score

10^/10

xworm defense_evasion evasion execution persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Disables Task Manager via registry modification
  evasion
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral2
- Target
  
  Dice roll advanced cheat/Dice roll advanced cheat/Dice roll advanced cheat/Dice Roll cheat.py
- Size
  
  11KB
- MD5
  
  0ef93278901b6e81067ac86cef247285
- SHA1
  
  043b242b87de127a4901f76bdaf9ddfb20963a42
- SHA256
  
  ba918bac671e9350090910ce6e31472209ba8d1bcb6cbb702b785dda995a862e
- SHA512
  
  321661770d3a4928bf727e1dff30d5d2839de23e4901f3872e043d4bb5379c814031465ee6ff3311509cb629f4ee03fb154a3f47f9ac92eb54e7e17e19a7b15f
- SSDEEP
  
  192:RV2allUdkZHKkQDQM1aDunKEQLu6syQUOUpLDCdGmpNr9Q9HV9KAQAtXcrroa3qw:RgAlRskQD2eKzC3yQalMJQPMAntYkvpe
Score

3^/10
behavioral3
- Target
  
  Dice roll advanced cheat/Dice roll advanced cheat/Dice roll advanced cheat/FastColoredTextBox.dll
- Size
  
  327KB
- MD5
  
  daef9c4c042fdfbb3ea124527c543291
- SHA1
  
  480dbb944a073f801329c6b2967152917b0d24c7
- SHA256
  
  233de7664a9db9ffe5c0c3b64640cd8d5551180f1cf47a8a6f615842c8ae891b
- SHA512
  
  51ed6700e2f3a61cec65cb704df4a4843bae315039a1f2d07fcd5db3f391ebf4db0691c83d173ccf8428b1eea7174b0eaf51b6e90a8b377b8dd2d1415429c960
- SSDEEP
  
  6144:/4y/dRrwjgh6nVsSe6L6BF8VhfmGbOyijGzGbsqmLDnmeNZeMq:/4y4gcVsdMMKmGb5z4eN5
Score

1^/10
behavioral4
- Target
  
  Dice roll advanced cheat/Dice roll advanced cheat/Dice roll advanced cheat/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c7672c7398a15181e824f80ae753e2ea
- SHA1
  
  75a18c065a5a20433857e3671450e14e29d9de19
- SHA256
  
  8e3e7dc34485e477a3d9995c41ef7c6012a2349bb4bf31f91942fe22dd13addb
- SHA512
  
  b970c9b62df5ce7116e03b25b46aad5c91cf7c3105a6b5f31529a6f69f9bf69ea751521afd59f97a7eec74a7291c60c02f1c54e03bed64c3c2fdc3038a0a35bd
- SSDEEP
  
  49152:cMT3inUIULPeDwTzfr+Zabkjymq7mzeFm:cuSUpO7
Score

1^/10
behavioral5
- Target
  
  Dice roll advanced cheat/Dice roll advanced cheat/Dice roll advanced cheat/Microsoft.IdentityModel.Abstractions.dll
- Size
  
  19KB
- MD5
  
  2e48807b7510481011362387dadea2d9
- SHA1
  
  6aa89190c95af182d53595c0b269d00c4810a96d
- SHA256
  
  5da894af79f0e5805e1d353358265af2115a18a6a8b13189239ca5d7bf558eda
- SHA512
  
  df4dbbf27b6b82c6504f0610f06490ced4b4cc175de23269eb959a1572ffbe88997ee8f0f540471175672113336aaf46e5f4ca4cd6c977ebdc8f38b725453937
- SSDEEP
  
  384:kLwqMQv/caH1d/mBKDzWdToWapzuHRN7GoLHR9zYqCE73R:kLL9jHWgpzaGgx9znCU
Score

1^/10
behavioral6
- Target
  
  Dice roll advanced cheat/Dice roll advanced cheat/Dice roll advanced cheat/Microsoft.IdentityModel.Logging.dll
- Size
  
  35KB
- MD5
  
  ae84e22a3f4674617483180b036fb875
- SHA1
  
  9795b5a4ce0936bd98833df038d9163043c5195d
- SHA256
  
  49cd4039f4c8fd0121dcd970b334477276894c75f2155dd24808d87447122dac
- SHA512
  
  490913e1294fd65d1459fbba3f2854eb0026c8bb81cee88de4045bdb66264847e474c6310b06db458d911e599a700b37775e8f3a10094620e1e11e47727adc0e
- SSDEEP
  
  384:WYYA1d2hA8BI/O/Uulv4UmgqPKdaswr8tFWYN48JczWiD4WaLHRN7XMeR9zhY1bH:WYYO2hAeKO/J94U9fQ82W48JIMLf9zc
Score

1^/10
behavioral7
- Target
  
  Dice roll advanced cheat/Dice roll advanced cheat/Dice roll advanced cheat/Microsoft.IdentityModel.Tokens.dll
- Size
  
  277KB
- MD5
  
  e372527bd66d646830d2c421dbc24e83
- SHA1
  
  f603d2be2be32f0e73a66bac95fb6b06c00858f2
- SHA256
  
  0729c43438fcd94b5a07c68d9fc399b68f7f692a1945554fb0db9fb90c25a5c6
- SHA512
  
  a3c5efd227a591616f6736dfb2f94447a1f4f6931e4a023d3408579d1f1cd57a94f8a5810655d81d12f882dcb7e9f9e65b06783a7708e86e09fe686b809f7fcb
- SSDEEP
  
  6144:O/BO/mQlThiliE87ZUhbqt/wjoqEwX1PuEWD5Y:OP84
Score

1^/10
behavioral8
- Target
  
  Dice roll advanced cheat/Dice roll advanced cheat/Dice roll advanced cheat/PanelEx.dll
- Size
  
  22KB
- MD5
  
  fb998eadb45883bca79793493087ce7e
- SHA1
  
  8575766cef97477cd1f0f6a4cde4c69dceaf171c
- SHA256
  
  7199f634bc8ac0aba0bb88f5abfe142a023434fef49036338efb51a843386363
- SHA512
  
  07d807509ebf309d2282db63b699e9ccc14a749a64c82ed0890c0c828d3b6c074e65a3484f8ea6e38b3e7972df425565f9f086f0205b95bc686d9e847581dfd4
- SSDEEP
  
  384:8VTVm0QwrPqRrUI/8H3jjbPUS5njlOCwk93Dlai4he6YyqDeqn2/UX+wgCCCCCuX:8VTV3flcKVDym2F
Score

1^/10
behavioral9
- Target
  
  Dice roll advanced cheat/Dice roll advanced cheat/Dice roll advanced cheat/System.Management.dll
- Size
  
  72KB
- MD5
  
  1c71e5310151ce1e9a3a92797776bdad
- SHA1
  
  fd452b874fec4a9dae61a3710fb32749dc7d701e
- SHA256
  
  f515ca5c944c332ab706ff0a7c2e53e66d0d9d8a663e9b2691b35129ee22559b
- SHA512
  
  2a4f18c77449c2d06a3ab6807338f73b03b1faa332e78319829ba3a2b6fd98bb9a83c5e29b47d55e4ce7f0dfdcd8524fa592a0f3ca8ee09daae2894b681265a8
- SSDEEP
  
  768:BrEP45HksbMU3se5c/0b/9nLZV1BCUkVoV0lP7H0CkkiSLJKdbY8Mtuo0eDQP9zu:bbz5wulNV1zkSQzHxkxS9yc8no0nzu
Score

1^/10
behavioral10