agenttesla | 230907-mabjkage85_pw_infected[.]zip | Triage

Resubmissions

12/02/2024, 15:41

240212-s4qhgahe4z 10

07/09/2023, 10:46

230907-mvb1tsgg7t 10

Sharing

Copy URL Twitter E-mail

General

Target

230907-mabjkage85_pw_infected.zip
Size

82KB
MD5

95f1605b3844f821c0f25262e3f21326
SHA1

8d7d6ba0e4c38ab2cdfaa6cbe25b46e76ab09343
SHA256

a20d44fac43d0fecb43eae899fcc3e5f3ef2ebce787735fb8e1e5b9fb5de53ca
SHA512

2e11165f60d427eed1b2e6e0a3ee30426663e1581b4845142e8472ab0f029d39b739a4b487637031f81ee4e22b775547f6a1fc4c9f42b2e1487ad32fc14f8de5
SSDEEP

1536:duzf5gFC9oRW4WcJALTLuToOdJYJvuYXmSijO8TXNUiXR:dwT4ViLT+QBuPrjO86kR

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.nutiribio.com
Port:
587
Username:
[email protected]
Password:
zGNVO(l5
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2940-9-0x0000000000400000-0x0000000000430000-memory.dmp

Files

230907-mabjkage85_pw_infected.zip
.zip

Password: infected
2940-9-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ