Behavioral task
behavioral1
Sample
996-912-0x0000000000480000-0x00000000014E2000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
996-912-0x0000000000480000-0x00000000014E2000-memory.exe
Resource
win10v2004-20240419-en
General
-
Target
996-912-0x0000000000480000-0x00000000014E2000-memory.dmp
-
Size
16.4MB
-
MD5
43532ab4f102f635fc592bb16653a064
-
SHA1
d89f10680d49245144d1fceb5bc6965603bd8648
-
SHA256
4a87010cc4a4e0871fc0267d6e1d9de6b8fff610febe5fee02e3845aa286aabd
-
SHA512
6715ea1327d41f5adaa145c12e69f75fa2058bd4490e319b4c150343a6efd6dc714ba36875f4f08b68ac7b5a30b25d4fde99965875a584292afb3000966a9812
-
SSDEEP
3072:FqvpnCyuymi9nDJHfbLQ5gHFu50PS86l:FqvpnCyuymi9nDJHfbLQwF9SX
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
neontechvendors.com - Port:
587 - Username:
[email protected] - Password:
Mustfly@90 - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 996-912-0x0000000000480000-0x00000000014E2000-memory.dmp
Files
-
996-912-0x0000000000480000-0x00000000014E2000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 232KB - Virtual size: 231KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ