agenttesla | 2c2e9d772aec9f6700b9a83f7b9386bc0fd1b48d0b1131dd49c46aa859cdffb1 | Triage

Sharing

General

Target

2c2e9d772aec9f6700b9a83f7b9386bc0fd1b48d0b1131dd49c46aa859cdffb1
Size

235KB
MD5

cc8685cd09b9df0a973e80c1428d228f
SHA1

f42533d0f15f0ec71b842e6c96c72db60477e1cd
SHA256

2c2e9d772aec9f6700b9a83f7b9386bc0fd1b48d0b1131dd49c46aa859cdffb1
SHA512

a104ceba2f1a586a09497ca50cf54b660e112f86217102add06e125699afe6e69f47a286549ecf6612872f9f31f2e36f581981618cde1c7d9ca005c2f31ae579
SSDEEP

3072:+luGyuym+Y1Z1Wb5yxgbTm3ydRWzUh15APfxHE6o:+luGyuym+Y1Z1Wb5wgbTMCWzUhYfNEr

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pharmapanel.com.ar
Port:
587
Username:
[email protected]
Password:
Pharma23Panel90
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2c2e9d772aec9f6700b9a83f7b9386bc0fd1b48d0b1131dd49c46aa859cdffb1

Files

2c2e9d772aec9f6700b9a83f7b9386bc0fd1b48d0b1131dd49c46aa859cdffb1
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ