Behavioral task
behavioral1
Sample
4368-11-0x0000000000400000-0x0000000000444000-memory.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4368-11-0x0000000000400000-0x0000000000444000-memory.exe
Resource
win10v2004-20231127-en
General
-
Target
4368-11-0x0000000000400000-0x0000000000444000-memory.dmp
-
Size
272KB
-
MD5
a39d3e820a4866bb1b4c4ccdc9402b1c
-
SHA1
cfcd8f985001516da2e6b54dc145279bb7a9e8ca
-
SHA256
dd84ff7160bccb907debf73544e134972c562d438707c643d361b47b09090dd1
-
SHA512
c1a180c6d4e8d94ff4a72648969671894368fe106194d98d03bc76b5813d4c8d01671638c3753c3fc87b9f42559a7e3a1ef58e90f55ae05316194f1569ee94cc
-
SSDEEP
3072:1Kko0RxRxxBw4jAWa2L0NSeYkIuRu52LBOog1:1Kk/RxRxxBtjA0kf/BLg
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 4368-11-0x0000000000400000-0x0000000000444000-memory.dmp
Files
-
4368-11-0x0000000000400000-0x0000000000444000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 241KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ