Behavioral task
behavioral1
Sample
2bf5ede926404cce434aae3cd02ff56ed7e144eea4b125a50fefa273cf9ee426.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2bf5ede926404cce434aae3cd02ff56ed7e144eea4b125a50fefa273cf9ee426.exe
Resource
win10v2004-20231215-en
General
-
Target
2bf5ede926404cce434aae3cd02ff56ed7e144eea4b125a50fefa273cf9ee426
-
Size
240KB
-
MD5
c1b38b86e1616785bfbc0dc4a4b1015d
-
SHA1
a5f9352540041cfa5ac36eef7a0cf2cfe4e11d15
-
SHA256
2bf5ede926404cce434aae3cd02ff56ed7e144eea4b125a50fefa273cf9ee426
-
SHA512
e9930f736a6ad40d57db10ffd37c86b6ba726a292d3cc4fea2e50633770545742dc40083758d57d135e3203ded69c87e2e5550b7a48a1e6e598c3cc88fa64f12
-
SSDEEP
6144:A3aqH8hnz+d+kk0k4d5zw7IBLEZ4RtTV1hg:kH8hnz+kkk0kW54Z4/q
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.amtechcards.com - Port:
587 - Username:
[email protected] - Password:
]i[a(tUWlmp% - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2bf5ede926404cce434aae3cd02ff56ed7e144eea4b125a50fefa273cf9ee426
Files
-
2bf5ede926404cce434aae3cd02ff56ed7e144eea4b125a50fefa273cf9ee426.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 233KB - Virtual size: 233KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ