Behavioral task: behavioral1
Sample: 1980-63-0x0000000000400000-0x000000000043A000-memory.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 1980-63-0x0000000000400000-0x000000000043A000-memory.exe
Resource: win10v2004-20220812-en

General
Target: 1980-63-0x0000000000400000-0x000000000043A000-memory.dmp
Size: 232KB
MD5: f008d61b040f1ba2081d9725aa85cfd3
SHA1: 19a56d81d573993f8389704c10b390dd45006be4
SHA256: bcc03d847422f82da3bd900129e71ff43314ff9a0d3276ab40afb3e52241d272
SHA512: 43e6ee741781d11c1c3342a6a476db86fb7a19ee0bdd833918411a267059063694f27df7b05d0eedd479e60c10db8d5f3e210d7d13f41011ef0056038abf484b
SSDEEP: 6144:3cnzWIwMPknYb3pwx3aKGOxp9XUlwvyHuTuTOVCh7+81r7o4r++X2:3cnzWIqa2o+L

Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5709417508:AAFi8kugms23_IBD4s5A2tH379owSw9BeVE/

Signatures
Agenttesla family

Files
1980-63-0x0000000000400000-0x000000000043A000-memory.dmp.exe windows x86

Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE

Sections
.text Size: 207KB - Virtual size: 206KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ