Behavioral task
behavioral1
Sample
4499077fe4f2c56b509836c30fb2dfc9410d73b0767bbbf88696ca941df6a623.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
4499077fe4f2c56b509836c30fb2dfc9410d73b0767bbbf88696ca941df6a623.exe
Resource
win10v2004-20240508-en
General
-
Target
4499077fe4f2c56b509836c30fb2dfc9410d73b0767bbbf88696ca941df6a623
-
Size
165KB
-
MD5
1990b2894ddc5c880fd0719698058001
-
SHA1
9fc799bbb24905e466ef2a115cd8c0a7a18e2382
-
SHA256
4499077fe4f2c56b509836c30fb2dfc9410d73b0767bbbf88696ca941df6a623
-
SHA512
0b03bf5b687c1b7e93ae8fd85c462b37f1110540284c070b214b384e875bd6d555f38af70c8f86e5414d7eecaf9a8e09ff9967d83fbecd7ec7e1aea61b84e0f3
-
SSDEEP
3072:tCyLGlHofRs5w0/KuqXlCjV/TXrhaUx4oZENGzhOpgl:pMl/KlCNgUzZEMV0g
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
server327.web-hosting.com - Port:
587 - Username:
[email protected] - Password:
3L3lvqtPESC3 - Email To:
[email protected]
Signatures
-
Agenttesla family
-
Detect packed .NET executables. Mostly AgentTeslaV4. 1 IoCs
Processes:
resource yara_rule sample INDICATOR_EXE_Packed_GEN01 -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 4499077fe4f2c56b509836c30fb2dfc9410d73b0767bbbf88696ca941df6a623
Files
-
4499077fe4f2c56b509836c30fb2dfc9410d73b0767bbbf88696ca941df6a623.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 163KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ