agenttesla | pe1[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pe1.exe
Size

234KB
MD5

79d5e6b532309e45f5eb3942de79da4a
SHA1

cc54005c333e482d0253d9f842f5bdfe9e65396f
SHA256

4ea7d472bdefddb81086b6b8b43d9d3a91f4f1f0e8548d633b74dd760ea9a75f
SHA512

5c34ba93b01ab6b8c166f9286329b9c5ea5b2a875878ca1a62524644b2de99fd607c7690cee7ed86f1e158d6de9d9dbd76f12a8f00a20bcdcfc844a73e488f7f
SSDEEP

3072:sSICmyXv/XnbvEuF0ZV74BT45Pa+XYlvVke:sSICmyXv/XnbvEbZITD+odV

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6444695787:AAEigvgi5Qdnd3hE36eEPMDQelz8m8RewZY/

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pe1.exe

Files

pe1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ