agenttesla | 0e0a41f28364e81832bada146082b400 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e0a41f28364e81832bada146082b400
Size

183KB
MD5

0e0a41f28364e81832bada146082b400
SHA1

cbcc237450192f6e77c24c1d15271e4f45979a53
SHA256

611eb78fa883a117865bec870932f11051260f07276f8407afba0831abbb08ce
SHA512

ae2ef5ee0dc7f96bd3d5707f6ed40099712ac817dd788316689643fd344d8ec4a77d5d0095d82d2fc2da11f3c30f548f9e67d3ea6dc02abc22b8280ef5d4a9a9
SSDEEP

3072:g19aJnYK6Mn/mPdCV87EWN/j12aAFSFkplCFIiXHa2gIdZ5ZIWj8kkckoN:g19iYanO1/EyB9OgFIOYIb5ZIo8kTt

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.ombakparadise.com
Port:
587
Username:
[email protected]
Password:
ce$%^mirah

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
static1/unpack001/TRASFER SLIP.exe	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TRASFER SLIP.exe

Files

0e0a41f28364e81832bada146082b400
.zip
TRASFER SLIP.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ