agenttesla | NEAS[.]2d84bf5c07a7ef4e67565eb38180ae60[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2d84bf5c07a7ef4e67565eb38180ae60.exe
Size

383KB
MD5

2d84bf5c07a7ef4e67565eb38180ae60
SHA1

a3a5155e32e13508a04dc2b914c088270523d5ef
SHA256

c51fa17f765d4e3124680c536bf2a5d3264b291550823ed576b82de2e3332c20
SHA512

30a92cb3ac4b1f0bfb567cbbc78a21d62542d931aa2816d32c8dac09fb18f135b72c6a9b5971bc471c66711589e641fcd783c04cf460c9aac24fec036f9a279e
SSDEEP

6144:KemlS3OzPFZi/bBlwqq4aNoc/ILOCgCB19GFx7bhomTV7oLqvwgG:KeB3oP0bz84aK/gromTV7uq4gG

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.delhicambridgeschool.com
Port:
587
Username:
[email protected]
Password:
information@123@

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
sample	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2d84bf5c07a7ef4e67565eb38180ae60.exe

Files

NEAS.2d84bf5c07a7ef4e67565eb38180ae60.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.asrf
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.fe
Size: 512B - Virtual size: 8KB

lyXeUTnJ
Size: 512B - Virtual size: 85B

XMTxHFQM
Size: 12KB - Virtual size: 11KB

NKffbpKR
Size: 41KB - Virtual size: 41KB

fIrcopGR
Size: 13KB - Virtual size: 12KB

EdQfKHnG
Size: 1024B - Virtual size: 592B

HkAiiPPu
Size: 512B - Virtual size: 14B

cPnJRcQw
Size: 10KB - Virtual size: 10KB

MtnYBmEx
Size: 4KB - Virtual size: 3KB

ywcumzZz
Size: 512B - Virtual size: 79B

rqkImYAc
Size: 7KB - Virtual size: 6KB

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.asrf Size: 289KB - Virtual size: 289KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 512B - Virtual size: 12B

.fe Size: 512B - Virtual size: 8KB

lyXeUTnJ Size: 512B - Virtual size: 85B

XMTxHFQM Size: 12KB - Virtual size: 11KB

NKffbpKR Size: 41KB - Virtual size: 41KB

fIrcopGR Size: 13KB - Virtual size: 12KB

EdQfKHnG Size: 1024B - Virtual size: 592B

HkAiiPPu Size: 512B - Virtual size: 14B

cPnJRcQw Size: 10KB - Virtual size: 10KB

MtnYBmEx Size: 4KB - Virtual size: 3KB

ywcumzZz Size: 512B - Virtual size: 79B

rqkImYAc Size: 7KB - Virtual size: 6KB

.asrf
Size: 289KB - Virtual size: 289KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 512B - Virtual size: 12B

.fe
Size: 512B - Virtual size: 8KB

lyXeUTnJ
Size: 512B - Virtual size: 85B

XMTxHFQM
Size: 12KB - Virtual size: 11KB

NKffbpKR
Size: 41KB - Virtual size: 41KB

fIrcopGR
Size: 13KB - Virtual size: 12KB

EdQfKHnG
Size: 1024B - Virtual size: 592B

HkAiiPPu
Size: 512B - Virtual size: 14B

cPnJRcQw
Size: 10KB - Virtual size: 10KB

MtnYBmEx
Size: 4KB - Virtual size: 3KB

ywcumzZz
Size: 512B - Virtual size: 79B

rqkImYAc
Size: 7KB - Virtual size: 6KB