agenttesla | NEAS[.]9d1ac83fb10ec78b893dffb21bf688f9360b1ed034b1889d9f71abcf7c041efe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9d1ac83fb10ec78b893dffb21bf688f9360b1ed034b1889d9f71abcf7c041efe.exe
Size

243KB
MD5

cb3a10a97d9f49e7d7b2e43d345ebec6
SHA1

6d15936939024dbf8f930c33173ef0507c0d70f3
SHA256

9d1ac83fb10ec78b893dffb21bf688f9360b1ed034b1889d9f71abcf7c041efe
SHA512

aac5061b25aee732df72757dd1c74fbfc4fa36580bb1722a4e4cedadc5c213857f99a96eee1606c536c835e607041cafaddc42840fcee0b43289f1a97f33e3d0
SSDEEP

3072:8PtfcixtDhNRLelubGMAk1akJugt6yJLrv5DCLqlPwq:8Ptfxx1hNRLelubGMRJwgtVJLrgud

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.chemitek.co.in
Port:
587
Username:
[email protected]
Password:
@unclep3490
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9d1ac83fb10ec78b893dffb21bf688f9360b1ed034b1889d9f71abcf7c041efe.exe

Files

NEAS.9d1ac83fb10ec78b893dffb21bf688f9360b1ed034b1889d9f71abcf7c041efe.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ