agenttesla | 1[.]bin[.]zip | Triage

Sharing

General

Target

1.bin.zip
Size

81KB
MD5

e368d0f3fdd028ec18ba9420f79e3245
SHA1

eb2fc154c148c105fa6159d47b6215497f3fa199
SHA256

96008298e97996892e74d426f7d5dab61e1730c8627f407e5fcff0d1ec21293a
SHA512

2f1fbd602d3c6efe9accdc6faf5b79929be08cea22ee91dc9dae0aa847ea8e13a23b3fcecf75ccba42aad8ee7ea91e41b37840d8b2f8e87c5adf5a09ec3343c6
SSDEEP

1536:mDWd2NWlWrXp5wN29aqtfn5YKRamQ67y6Pja+6nGQJLNrRMkk5Cu:+DnXTwN29a4fn5YK9Q6e6Pja+6hnytR

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
ubduipymcemperot
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1.bin

Files

1.bin.zip
.zip

Password: infected
1.bin
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ