Behavioral task
behavioral1
Sample
3094e5f556a928f12da28c70e1eb032e356334382316ddfeac73f6ba84f11e36.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3094e5f556a928f12da28c70e1eb032e356334382316ddfeac73f6ba84f11e36.exe
Resource
win10v2004-20240426-en
General
-
Target
3094e5f556a928f12da28c70e1eb032e356334382316ddfeac73f6ba84f11e36.exe
-
Size
236KB
-
MD5
a295b18a0e1e2cab73d6f085b0f15a87
-
SHA1
0bf386b0b05e4b3befeaa96df36fbb1cfdbb1494
-
SHA256
3094e5f556a928f12da28c70e1eb032e356334382316ddfeac73f6ba84f11e36
-
SHA512
5d4f3e230aeb4e63063a651986d7f375059545cbe1994692e92c0eb16408f8787c7627888d8439c941260ac901948a76ec1157a69eec5325157638b27a6dbcb6
-
SSDEEP
6144:tSgPZesxT0kkE0PVgW0bxcA0grGhH+5Id:XPZesxT0kkE0PVgt2grGh
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.clslk.com - Port:
587 - Username:
[email protected] - Password:
NUZRATHinam1978 - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3094e5f556a928f12da28c70e1eb032e356334382316ddfeac73f6ba84f11e36.exe
Files
-
3094e5f556a928f12da28c70e1eb032e356334382316ddfeac73f6ba84f11e36.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 233KB - Virtual size: 233KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ