agenttesla | Scorpion-Premium_Generateur[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Scorpion-Premium_Generateur.rar
Size

980KB
MD5

3b2cb314b5b5baa26d127294e057e748
SHA1

07046b1266adf3030dcbf39afbd25f9ffb395eab
SHA256

26c686e04dfd913161d239e2cb51ceb87bd5d68422f7555aa5f8d9eb1873997e
SHA512

f77f36fb72b15dd88aa7e1595e6ed042ab5ae6be90b8ab8ff59700122495eecf48ffc66ccc86fceb5d41f885d82d5bf6150fbce5a73b69cb064da8800cc82b4d
SSDEEP

24576:6dp6aQMljxgBEKi9J2nKd123qH/3WzCJ6ZmcFA0qwJiFMp2Fq:6doaQMlj+a5R16qOzRZr7qwyMUg

Score

10^/10

agenttesla

Malware Config

Signatures

AgentTesla payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/dddd/Guna.UI2.dll	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/dddd/Guna.UI2.dll
unpack001/dddd/Générateur Scorpion-Premium.exe
unpack001/dddd/LogIn Theme Dll By xVenoxi.dll
unpack001/dddd/theme.dll

Files

Scorpion-Premium_Generateur.rar
.rar
dddd/Guna.UI2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dddd/Générateur Scorpion-Premium.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

[iLN
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[iLN
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 651KB - Virtual size: 650KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

B56422AA
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dddd/LogIn Theme Dll By xVenoxi.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\xVenoxi\documents\visual studio 2013\Projects\Theme Dll By xVenoxi\Theme Dll By xVenoxi\obj\Debug\LogIn Theme Dll By xVenoxi.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dddd/theme.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Josh\Documents\Visual Studio 2012\Projects\theme\theme\obj\Debug\theme.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

[iLN Size: 86KB - Virtual size: 86KB

[iLN Size: 86KB - Virtual size: 86KB

.text Size: 651KB - Virtual size: 650KB

.rsrc Size: 265KB - Virtual size: 264KB

B56422AA Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 101KB - Virtual size: 100KB

.sdata Size: 512B - Virtual size: 312B

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 71KB - Virtual size: 70KB

.sdata Size: 512B - Virtual size: 312B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

[iLN
Size: 86KB - Virtual size: 86KB

[iLN
Size: 86KB - Virtual size: 86KB

.text
Size: 651KB - Virtual size: 650KB

.rsrc
Size: 265KB - Virtual size: 264KB

B56422AA
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 101KB - Virtual size: 100KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 71KB - Virtual size: 70KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 12B