agenttesla | 0x000b000000012326-58[.]dat | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0x000b0000...58.exe

windows7-x64

1

0x000b0000...58.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0x000b000000012326-58.exe

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x000b000000012326-58.exe

Resource

win10v2004-20220901-en

collection spyware stealer

windows10-2004-x64

9 signatures

150 seconds

General

Target

0x000b000000012326-58.dat
Size

209KB
MD5

ec47cb00fe954c0e17efc2b31914f00c
SHA1

3225eb91a5583deb4d1dfd493d53dfc39b3a583d
SHA256

358e5bc194d44804af5ad190433675069ebe55fc499d617eeb3564c4753ed943
SHA512

24f6cad23ddd6f06967a868f66a9cb2a80116e99c37fe767c36b16419bc311ff3df44fadc3249102903c207f16619c3f7741779c1790e708b22af13bd6f2952d
SSDEEP

3072:MyV2PuG8Qglsmfi5JyB2CdG8FUqbnwm9Jk0ySoEXJffxXdOHzkY62r1hQBk4:1Vk8aMRHUqbnwm7HzoenLOT7jQ

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.miccaviation.com
Port:
587
Username:
caguilar@aerosupplysusa.com
Password:
KpVJmvz2

Signatures

Agenttesla family
agenttesla

Files

0x000b000000012326-58.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.