agenttesla | 4966856889eaed9cff007eea38de5be2[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4966856889eaed9cff007eea38de5be2.bin
Size

85KB
MD5

4e4552c27e86cb431074a1c663569ef5
SHA1

f8b20af43df1371406a28d7e86707a3933406d6c
SHA256

dd263c2cd40b473a47042733c4015d81c780c750f16f88a49dfeef5f03baabdd
SHA512

d2f6d73f331f129b43dea87d613816d4ad08f9aecb4795c2d3213f5632cf78bfe966ad6398edb4eb97de82e05f13d1a09d6f3e76e1c9c51b6840bd995256e32b
SSDEEP

1536:TiLPnSa3UHyuPhZa9fIfJlzImEvMThg5buZr4jb4y1eD9c9gK6PkjF1:2DSa3USu5ZamfJlzlicFGb4yshLK68jv

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
boydjackson.org
Port:
587
Username:
[email protected]
Password:
Bukky101@
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c06b3b48c48faf87238f546f15c662269a9a29f34ae3c84eee60bd4ed663c4ed.exe

Files

4966856889eaed9cff007eea38de5be2.bin
.zip

Password: infected
c06b3b48c48faf87238f546f15c662269a9a29f34ae3c84eee60bd4ed663c4ed.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ