agenttesla | 544d81e3635ccb9c8cfb0e36ae5e185366e2ed67a9face067e03c05554dfc202 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

544d81e3635ccb9c8cfb0e36ae5e185366e2ed67a9face067e03c05554dfc202
Size

244KB
MD5

27a13174053d5fe7011d763655e3f37e
SHA1

dc5036156fd543a20fd19ac5e8e4daf90cb4d1f5
SHA256

544d81e3635ccb9c8cfb0e36ae5e185366e2ed67a9face067e03c05554dfc202
SHA512

877051e23281458dd7cdecd5540539024cba93beff29d3fc45dfbde8ef1f203e8bbf89387b38eea386b90625046d539a9e35db6a752aad7c1dbc363ee249de1e
SSDEEP

6144:Us3Gpl5dWLY9q0Z+DqK+zJehwFmNBN27/ixf1a2DN+1dKVIHm:N3Gpl5dWLY9q0Z+DqK+zJehwFmNBN27g

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.zilchworld.com
Port:
21
Username:
[email protected]
Password:
P99@Moscow

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
544d81e3635ccb9c8cfb0e36ae5e185366e2ed67a9face067e03c05554dfc202

Files

544d81e3635ccb9c8cfb0e36ae5e185366e2ed67a9face067e03c05554dfc202
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ