Behavioral task: behavioral1
Sample: 2184-11-0x0000000000400000-0x0000000000444000-memory.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: 2184-11-0x0000000000400000-0x0000000000444000-memory.exe
Resource: win10v2004-20231130-en
General
Target: 2184-11-0x0000000000400000-0x0000000000444000-memory.dmp
Size: 272KB
MD5: 0911b441ef2fc91d0a02748df9f46728
SHA1: e02d7128a56f88b2f171ee127e99ed0f447447da
SHA256: e8420c32cbdb27713536b1cd2765ce22b7e5566f96db617a6b3aae15bd78de71
SHA512: 916266974fa2aeeb358b3436edd76fb575671507eeb661b06eef4f39fa901666e49a515855c2b1b0a21dd189b9bb50ccfb313bbca059ef93c9b7ca261d0119df
SSDEEP: 3072:T3VEpLfLXbnBufyvd5QiWiu7iLy5tLBWV0Nid:T3VEpLfLXbnBufyYiEWLgBWG
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6631345683:AAG0KAitVqlRPe3J9NARhlF8IRjRjuxDyK8/
Signatures
Agenttesla family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes:
resource 2184-11-0x0000000000400000-0x0000000000444000-memory.dmp
Files
2184-11-0x0000000000400000-0x0000000000444000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 244KB - Virtual size: 243KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ