Behavioral task
behavioral1
Sample
2672-11-0x0000000000400000-0x0000000000442000-memory.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
2672-11-0x0000000000400000-0x0000000000442000-memory.exe
Resource
win10v2004-20231127-en
General
-
Target
2672-11-0x0000000000400000-0x0000000000442000-memory.dmp
-
Size
264KB
-
MD5
7afe1a35ab6fb836e8742dd20da546ce
-
SHA1
fb8a178c8e51a4d1a82ff971f861fa349ff30288
-
SHA256
201377eefc598942e5b190b580f25256161e445e105d954171c71852301aeee2
-
SHA512
701926dab33f7da2d6e732fd42031efc9388240a676962df442630aac5591be7b2a875886344c042b2e8257a03aecdc871964fd64e8f937f1b7ba897520a1a4a
-
SSDEEP
3072:cA48qS6SeI1GXAc3ui2j5GIl4ZytKabOJJz5lvkA+g:cP8qS6SeI1GwQuvF9l4eKabOHPkv
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.flecon.com.sg - Port:
587 - Username:
[email protected] - Password:
8CJN6A87XUIU - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2672-11-0x0000000000400000-0x0000000000442000-memory.dmp
Files
-
2672-11-0x0000000000400000-0x0000000000442000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 235KB - Virtual size: 235KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ