agenttesla | 38fac24186205e7e454668f493ee4be8[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38fac24186205e7e454668f493ee4be8.bin
Size

82KB
MD5

eccdae3bb6aced3fabc06097c0c19c42
SHA1

3ad347035b7122b2a05cd009c94f3619436e11c0
SHA256

69649e8d23eeda316599521a49209d76fe5dc4c1383024a355a8443d351e1dc3
SHA512

1db5902bf60848d19a9d8d02bf0cd36b7f10fa8215ab67c71d608e05c8ce31b148a1cf819f86fd23493b9bf8c324b158ef34c6c5756aba5da1f82e7d4f902164
SSDEEP

1536:k9YGUzlJh/C/g4HwnI32QOOMiIee9frvsSiKu7O/Ea6GSRCMEMYs5v1RXpTMqnrj:Hv/C/g4HAI35OMIee9zv1iK918YspfXt

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
colicontjal.org.mx
Port:
587
Username:
[email protected]
Password:
@EO$07[XSZw)
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/10278cf5ab1c5f5546dfb1304bbda18ca675a0e8e1349dcb0ef31ed6194faf8c.exe

Files

38fac24186205e7e454668f493ee4be8.bin
.zip

Password: infected
10278cf5ab1c5f5546dfb1304bbda18ca675a0e8e1349dcb0ef31ed6194faf8c.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ