agenttesla | 604a53ef64abeb21ad5ea74b794485fc9719d51575d77bcf0ba8ec5e3c60ec55 | Triage

Sharing

General

Target

604a53ef64abeb21ad5ea74b794485fc9719d51575d77bcf0ba8ec5e3c60ec55
Size

472KB
MD5

e3b9dd2206d777134e43b0aaeac631cf
SHA1

f8c40eba57dc7eb20dad3875fd5e9f3da651256e
SHA256

604a53ef64abeb21ad5ea74b794485fc9719d51575d77bcf0ba8ec5e3c60ec55
SHA512

fa70fa7efa37783dd2f2aab2caec99d1d3d3d77447e652571a8841f62694020d80ad9af2d3f0b8b1284f53c76a1d1e3e37d44237bcd8527e788eb86144e2a666
SSDEEP

12288:QGOzvLvzFvHJGPN5MP7r9r/+ppppppppppppppppppppppppppppp0G:szvLvzFQk1q

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.medicalhome.com.pe
Port:
587
Username:
[email protected]
Password:
MHinfo01
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
604a53ef64abeb21ad5ea74b794485fc9719d51575d77bcf0ba8ec5e3c60ec55

Files

604a53ef64abeb21ad5ea74b794485fc9719d51575d77bcf0ba8ec5e3c60ec55
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ