Behavioral task: behavioral1
Sample: 2116-11-0x0000000000090000-0x00000000000D0000-memory.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2116-11-0x0000000000090000-0x00000000000D0000-memory.exe
Resource: win10v2004-20240412-en

General
Target: 2116-11-0x0000000000090000-0x00000000000D0000-memory.dmp
Size: 256KB
MD5: 74bde2a5a607dada9c779f163cbce455
SHA1: b46521671879fc5c8e68ff49b39b891be8b8e500
SHA256: 3bd5ec8d17199c895e255222d2ce5dffbe8b1eeae812e523133e93e6ca50bcf4
SHA512: 8b08dc404d8c4676a8e8defe13596efd7f9681dc8e8b8de417398e5ba7af29d4c6f62d537deb7e3d3ab484bcd352adf428a1257253eb3e5b3554302a0abb9bac
SSDEEP: 3072:j41rvGyuyzij5bJROtGwtNs1j57LLzPuUd:j41rvGyuyzij5bJROtptNs1lvz3

Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cmcapama.top
Port: 587
Username: bangalee@cmcapama.top
Password: EVEitDp@^lu~
Email To: bangalee@cmcapama.top

Signatures
Agenttesla family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource 2116-11-0x0000000000090000-0x00000000000D0000-memory.dmp

Files
2116-11-0x0000000000090000-0x00000000000D0000-memory.dmp.exe windows:4 windows x86 arch:x86

Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE

Sections
.text - Size: 232KB - Virtual size: 231KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc - Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc - Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ