Behavioral task
behavioral1
Sample
2640-10-0x0000000000400000-0x0000000000444000-memory.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
2640-10-0x0000000000400000-0x0000000000444000-memory.exe
Resource
win10v2004-20231130-en
General
-
Target
2640-10-0x0000000000400000-0x0000000000444000-memory.dmp
-
Size
272KB
-
MD5
5fdf690f852302cb029e5030134038ef
-
SHA1
5b8ed33a172249c68a1fbfd7ba11aabe36e9329b
-
SHA256
41f95a41e939c42b8dd969667f4a24b7d21dbaf7e8d2613268c30c078f12010e
-
SHA512
f3ac8f8a83652cc29d9305f82ceda33371311498bc159a81a831e76de7ab55576e8a9d2e462a5b6bee418deaca36fed4c8c74db10c57ad850cf8f28745fda852
-
SSDEEP
3072:8+ZMgM4MHLwbJPg6GmGAg7Nz+qY53/4HO7o:8+ZMgM4MHLwytmGAgRzrbH0o
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@# - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2640-10-0x0000000000400000-0x0000000000444000-memory.dmp
Files
-
2640-10-0x0000000000400000-0x0000000000444000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ