Behavioral task
behavioral1
Sample
3ae1b56b59ab338d533964e3183bcb96075a746785bd45be97373239ce8bf487.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3ae1b56b59ab338d533964e3183bcb96075a746785bd45be97373239ce8bf487.exe
Resource
win10v2004-20240226-en
General
-
Target
3ae1b56b59ab338d533964e3183bcb96075a746785bd45be97373239ce8bf487
-
Size
276KB
-
MD5
0bccf91c1eff179a2f86efe555e7e103
-
SHA1
935207203566d0ee511c3940a6de2c309e9b7754
-
SHA256
3ae1b56b59ab338d533964e3183bcb96075a746785bd45be97373239ce8bf487
-
SHA512
ed1dc7fc4710069252cb86c8b9f2b023e054bf5005dd34ae61f6b748c7e0a3dc7b2e6c9f79a76905aeca3a94bd77cb993ad94126182872106ea8d8ba5f380c37
-
SSDEEP
1536:T37l/EYJtuBKCj0SohTWGDFzk1iQHCWKJvox6VMK2OpbgXohLf:TrZCQSotWGDFmi0C64VMKnpbgOf
Malware Config
Signatures
-
AgentTesla payload 1 IoCs
Processes:
resource yara_rule sample family_agenttesla -
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 3ae1b56b59ab338d533964e3183bcb96075a746785bd45be97373239ce8bf487
Files
-
3ae1b56b59ab338d533964e3183bcb96075a746785bd45be97373239ce8bf487.exe windows:4 windows x86 arch:x86
476f92c8f9ddbcb805cdc5c61fbc5635
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
NtContinue
Sections
Size: 274KB - Virtual size: 274KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 880B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ