Behavioral task
behavioral1
Sample
1548-1001-0x0000000000400000-0x0000000000442000-memory.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
1548-1001-0x0000000000400000-0x0000000000442000-memory.exe
Resource
win10v2004-20231130-en
General
-
Target
1548-1001-0x0000000000400000-0x0000000000442000-memory.dmp
-
Size
264KB
-
MD5
8dbdef1a5019d655689fe58377ec5815
-
SHA1
c6d872695a5b5af827c021e23aa11867b258afcf
-
SHA256
4adb93abbd8d16b35c8429a764c97fe72c25c2b5b7fae9e31ebb7e15f8d52eca
-
SHA512
0396418ba4286d45092258badc1f0cd707694ee3e45091eeedeb2345e3d29bdc19385e4118ae1beb73b7edb8196cee73272526d56e269c0dbc72500a7b09f997
-
SSDEEP
3072:D9XGyuymfuvg+8Vb6pBA6c6YTX5QaEgCRQ:D9XGyuymfuvg+ub6pOH6YTggW
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bezzleauto.com - Port:
587 - Username:
[email protected] - Password:
kex#-rHjHM4qKk52 - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1548-1001-0x0000000000400000-0x0000000000442000-memory.dmp
Files
-
1548-1001-0x0000000000400000-0x0000000000442000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 232KB - Virtual size: 232KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ