agenttesla | 4979935b585e0fbafc28b997b2ba22bc52ae9ff4b9e1dfaf2a0ed93f7603ae5d[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4979935b585e0fbafc28b997b2ba22bc52ae9ff4b9e1dfaf2a0ed93f7603ae5d.exe
Size

233KB
MD5

5685c9e77543164f93d8b427460635e9
SHA1

09a58f47a6edbf76083803d87366bb7e8f9f07c6
SHA256

4979935b585e0fbafc28b997b2ba22bc52ae9ff4b9e1dfaf2a0ed93f7603ae5d
SHA512

f3c09abc8b9e4dedd98fa2c935edfea74f72a701613394bdea1e0bee2ae20b0e879ffc1a536a37ba0450a297fc92b37ac3a9bc4f769eb3a7492dd285c836e8b4
SSDEEP

3072:EbYCeMoUAMw0HXSI5rRWZmImxHGly5ugDD15:bCeMoUAMw0HXSIHWZmI2HGlCDx

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://eu-west-1.sftpcloud.io
Port:
21
Username:
dc2d3038d5c743319b4d84cc320c4fad
Password:
xmFBI1ctaq8b1qv5SWZ3AOzpG1Yb6y2K

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4979935b585e0fbafc28b997b2ba22bc52ae9ff4b9e1dfaf2a0ed93f7603ae5d.exe

Files

4979935b585e0fbafc28b997b2ba22bc52ae9ff4b9e1dfaf2a0ed93f7603ae5d.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ