Behavioral task
behavioral1
Sample
2400-930-0x0000000000480000-0x00000000014E2000-memory.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2400-930-0x0000000000480000-0x00000000014E2000-memory.exe
Resource
win10v2004-20240426-en
General
-
Target
2400-930-0x0000000000480000-0x00000000014E2000-memory.dmp
-
Size
16.4MB
-
MD5
e8b41190f914b73972352b25f1973462
-
SHA1
9344c90a3c57e35c2bb537c263fc356c3d585e64
-
SHA256
40aa3b7ba599e917fe7194faf678bcfd0a9f604ad19cb812db32038ebc2be6e4
-
SHA512
9181ea1d388f1579b6ed3c34debd0c93d085aafac8d237be469b6668e75985bd41bdd3176741610f047db86e34a3ca1da1fff35356b9374aeaf5e5cbbd99af85
-
SSDEEP
3072:2PeCslxVZlVH0xoetbCVpKhA9snJmgPU5O+mFTmB:2PeCslxVZlVH0xoetbCVpKMMMgP/nFy
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
neontechvendors.com - Port:
587 - Username:
[email protected] - Password:
Mustfly@90 - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2400-930-0x0000000000480000-0x00000000014E2000-memory.dmp
Files
-
2400-930-0x0000000000480000-0x00000000014E2000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 232KB - Virtual size: 231KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ