General
- Target: ef9e8448cd4f889c18e36a2d0c8dac80240d4f06e865a0c0647c1a33a136c0b2.bin
- Size: 4.8MB
- MD5: 4618e550a37d0186e99171ddf62ef31a
- SHA1: 5615b79ae393ed7f6685e0bec437bb590728a199
- SHA256: ef9e8448cd4f889c18e36a2d0c8dac80240d4f06e865a0c0647c1a33a136c0b2
- SHA512: bd78d776273bf316fd859f3f1cf91fc3a52f37cfd50d944ac7abfab3c9ac66712a672ce29e4041414426f73eb1f0a9869c5a1b734abef503056bf3af187f0f3b
- SSDEEP: 6144:QuiASPhYS2hREu+fZUd/sEJAp4lkhap64B+j5vqMgoe:QuGPhYS2EBfuHf
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5729374237:AAEdSD-W5rWlJyyU5nwVKvjLxJBT1jTdKRY/
Signatures
- Agenttesla family
Files
- ef9e8448cd4f889c18e36a2d0c8dac80240d4f06e865a0c0647c1a33a136c0b2.bin.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 208KB - Virtual size: 208KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ