Behavioral task
behavioral1
Sample
1752-70-0x0000000000400000-0x0000000000430000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1752-70-0x0000000000400000-0x0000000000430000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
1752-70-0x0000000000400000-0x0000000000430000-memory.dmp
-
Size
192KB
-
MD5
c8ee342c4178200641a835dcb8f1ab9d
-
SHA1
7a4cd21dfcd0f25aece1401355132c0c0c7f7c9b
-
SHA256
4e5afd335dc2eaa925f9ae6252aab3e7302d22e50f074ab9d8422467026c248b
-
SHA512
8f40a574404f1c4086b1dc2bd3e075ec38c95aa08e49bbd180756c280dcb229fb004670dd232130b39ce4bb3468c9d97ad4c3dbc80f2e7635e63ec96162cd2a5
-
SSDEEP
3072:QmWhdPw1GOh1dSANaswxxFcEfpoLF9KZhVLDCX:u7w1ldS0rEfp2aNLOX
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.embon.com.ar - Port:
587 - Username:
[email protected] - Password:
Embon2018nov - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1752-70-0x0000000000400000-0x0000000000430000-memory.dmp
Files
-
1752-70-0x0000000000400000-0x0000000000430000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 162KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ