Behavioral task
behavioral1
Sample
2648-122-0x0000000072370000-0x00000000733D2000-memory.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
2648-122-0x0000000072370000-0x00000000733D2000-memory.exe
Resource
win10v2004-20231127-en
General
-
Target
2648-122-0x0000000072370000-0x00000000733D2000-memory.dmp
-
Size
16.4MB
-
MD5
35affb7063a1579a6868ba4111418691
-
SHA1
6eaa126b3127f0fe80d7914e9b12219c91f5c7ad
-
SHA256
82b8f3aeb336c5ed75363f34d9c27150f88e7c8219351e51d127b35271a00a10
-
SHA512
f6f1ab75e65df580c586af05e43aea4c043c97f2f4d58ffbab992283f19c5082fa425eeb7acdf5dcb3ab5f03e7074c62dc49f44428182dda6419b4fe774bad67
-
SSDEEP
6144:6m0xdC+iGypOlGGRUMbYQ1NPvNimqqEg:6PC+iGypOlGCUMb9fPFimq
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.appareljonebd.com - Port:
587 - Username:
[email protected] - Password:
#Admin@1122 - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2648-122-0x0000000072370000-0x00000000733D2000-memory.dmp
Files
-
2648-122-0x0000000072370000-0x00000000733D2000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 232KB - Virtual size: 232KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ