Behavioral task: behavioral1
Sample: 1364-64-0x0000000000400000-0x0000000000430000-memory.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 1364-64-0x0000000000400000-0x0000000000430000-memory.exe
Resource: win10v2004-20230220-en
General
Target: 1364-64-0x0000000000400000-0x0000000000430000-memory.dmp
Size: 192KB
MD5: 0bcd8319f4c493b6ebd1ba19403cb6fc
SHA1: 193b36fe190a0e9716f8fc4f3213e4112d6339e7
SHA256: 7fdbffe256d50936eb0d97d9df6719c02d5168827b99254404a26ed1517da05c
SHA512: 80aa740fb5858b5c46a2b2fe815c936b654cabf180a837836185219b6bc8ba17a4ea298a80c90b2d9d36b2fb926fca83299a401013ab8d5dc8310a7adbd7050d
SSDEEP: 3072:1ejqvRHB7CCpmxdDVx9chFiL/O9ZboPgi4KNbq1Y+:8s7bpkd0FiL/MboP8+iY
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5995325649:AAF8FPfLIOq-sJZTLJ5YMiZs_1YNkLbVv0o/
Signatures
Agenttesla family
Files
1364-64-0x0000000000400000-0x0000000000430000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 162KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ