agenttesla | obizx_dump[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

obizx_dump.exe
Size

264KB
MD5

d5b7fe6cac36329f22bdcb3b5cb17fbe
SHA1

0749fecb85b56319d5ba0f336f04010f427cbeec
SHA256

88080f19c9f055d11826bcde90abea78f3531317a840e7ddef759192615ca499
SHA512

7bb8a73b7970ac64d26441012278761597940f75ab47e92ac96913ae2f1371cb0bf25ed8b198fbc402621e837ada724bfd7bd731b14f81ba4a0f9cfca71cbe46
SSDEEP

3072:Y9iiqY2SmTxxErFa6b/HGr8H4DEKSM5s:qcNTxxErrb/g8HNKZ

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
obizx_dump.exe

Files

obizx_dump.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ