Behavioral task
behavioral1
Sample
1384-71-0x0000000000400000-0x0000000000430000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1384-71-0x0000000000400000-0x0000000000430000-memory.exe
Resource
win10v2004-20230220-en
General
Target
1384-71-0x0000000000400000-0x0000000000430000-memory.dmp
Size
192KB
MD5
07a87504cd862663126979f8f4c767b4
SHA1
cdd6b24d9c633e8bbbde91d6d009085033767960
SHA256
864878443a8c5d4c976be642251b18bb9ced30d392ec858f2d70886366104202
SHA512
162a0584386059600412573deac98e0a8cfe5a2b3177174f93e62d6818e3a49afc26a7b2cdea936c25c36254d66184b2c965fa4c966af6fd4f59c0fa22acc41f
SSDEEP
3072:Dq/zIdDUzFMhyNcyKqKzn5TgDXa7TiL+McM+pMuHfIQ:DDDUz0HyKqGzJprHg
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6198912739:AAFWwPOzcAOeh_bttxtGKKR_RIR4wgbcmQU/
Signatures
Agenttesla family
Files
1384-71-0x0000000000400000-0x0000000000430000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ