General
Target: RFQ MT-764439977_exe_PIDb48_RFQ MT-764439977.exe_400000_x86.exe.bin
Size: 272KB
MD5: 731b29dda1c6d0efd6dcb5c278a47a9f
SHA1: dca94d8866d5d7fd22e7b534ac1a96d93d3bd1f2
SHA256: dada116efa7625b544ae214af8319b1c611eae0b544d57646566c5ffa9de0eb2
SHA512: 3821cb4bb6216125818730286273cf566b2d9434042aef131075ae5bdbcd275e428690627b47ccedc370853e317f2ae3f42e4a963121dca7317f44d76ca9bffb
SSDEEP: 3072:tuBZ9xtpUVpRcMEqG10agGdRDElc7tUdeFzilm5j+bHhpcI:WZ9xtpUVpRFEqGdg6E2RUCiljHXc
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
Signatures
Agenttesla family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: RFQ MT-764439977_exe_PIDb48_RFQ MT-764439977.exe_400000_x86.exe.bin
Files
RFQ MT-764439977_exe_PIDb48_RFQ MT-764439977.exe_400000_x86.exe.bin.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 239KB - Virtual size: 238KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ