agenttesla | 0a51665abe4ad3a7be41da49a0d50d4b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a51665abe4ad3a7be41da49a0d50d4b
Size

291KB
MD5

0a51665abe4ad3a7be41da49a0d50d4b
SHA1

80731d1c6bcfaad50691a1abdcca10ed65f89147
SHA256

656acdcea0d72a524b8e0784094991e7a06bd8a17e82a4e03949ac8f64b1d462
SHA512

68549b49434627f65985a23ed9192b1126c9362bb109a759cf2a5304d575de5d98319ad9b942d928e7b0fade82823c20acfb20b540d485853d0d0c13bb650b3d
SSDEEP

6144:B/AIe5LQ9/HP4fX7vmP9wKAquW6EZbPoaTVR:BYIoLvSRdoaTVR

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.centredebeautenellycettier.fr/
Port:
21
Username:
[email protected]
Password:
Aloraboy21@

Protocol: ftp
Host:
ftp://ftp.centredebeautenellycettier.fr/
Port:
21
Username:
[email protected]
Password:
Aloraboy21@

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
sample	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a51665abe4ad3a7be41da49a0d50d4b

Files

0a51665abe4ad3a7be41da49a0d50d4b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.g
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ykjip
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ