General
Target
37c4523f-2663-4324-b3d4-463104b5126c.exe
Size
237KB
MD5
06ad9d5a3c9faf3596e5f0af2df6dbfa
SHA1
9de2530401613b1e1fa4e9022cfd3eaa9e33edc2
SHA256
3479a61e5df7c0f82d1392647da45b9d7078a4349e4b57e7076fa607b0f757e1
SHA512
02494f815d0196f445403bb95ac56d6e91907e82a916d63b78c2a04593b93632ac9252de915848039c3246b0daaccfe38ceb397f6ea73ae3a0d5cb2f429c317e
SSDEEP
3072:ChP38yoMuJnuQO1iJc+GWJGdzszvZ7mFya+W6:C4lnuQO1iJc+GWJGdzUxmv
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6370641198:AAGVR88A8TbK5U_aO70pSYz0e-WNhTseH6M/
Signatures
Agenttesla family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 37c4523f-2663-4324-b3d4-463104b5126c.exe
Files
37c4523f-2663-4324-b3d4-463104b5126c.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 235KB - Virtual size: 234KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ