agenttesla | 3f2eb85f3aadf7ca6047eb51afdc3a447d3f15f41eecaaedd8894bf4e858ab98 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f2eb85f3aadf7ca6047eb51afdc3a447d3f15f41eecaaedd8894bf4e858ab98
Size

287KB
MD5

dccd11d3ea5ecfd3e6eb4a42c24e49d2
SHA1

03ee39d9a264f5e8b0d9333df5dd904fc86fc6e4
SHA256

3f2eb85f3aadf7ca6047eb51afdc3a447d3f15f41eecaaedd8894bf4e858ab98
SHA512

77db6e7207cd9edb735a3958b10a8a9861c0efc229ed7ddd1be23a868587fe1bc79d7b87409cbfd584e0ab649a6a181401f2b2c051c5ba7a57b4bf89a2c716cc
SSDEEP

6144:T/Epu5Y43oPqW1ajTsBhD0+5M6kmyoXmbQOw:LEpueQSbhj/Ow

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
[email protected]
Password:
@kingmezz.xyz

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
sample	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f2eb85f3aadf7ca6047eb51afdc3a447d3f15f41eecaaedd8894bf4e858ab98

Files

3f2eb85f3aadf7ca6047eb51afdc3a447d3f15f41eecaaedd8894bf4e858ab98
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ