agenttesla | cleaned_at_payload[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cleaned_at_payload.exe
Size

222KB
MD5

7aed938186d05ee2d5ceb58a53fb8311
SHA1

2608c7877bc1666b09cf0c3be644df718e20cfaf
SHA256

0664711a047161e39af04815892bb550d492a9e78ede581eb15ca95fbd90776c
SHA512

af9f8eef60149083eeeba0d7256fac6ba780dc8932baa586b81016a105db07cdb6b5f01cfd29d91bd9acebd63bd80817eac685db9a16c0e2a3e06a0e15e92da0
SSDEEP

6144:NIuxPjOYEcwS5+xd6twdHG11nJ4Azwr1:auFjOYBwS5+xdlHUfZ

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.satsllc.ae
Port:
587
Username:
[email protected]
Password:
Ahsan@12345
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cleaned_at_payload.exe

Files

cleaned_at_payload.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ