agenttesla | 8b582293c0f47373311893252198e3e8fb14b3c84dafd107f4f9e90cd20ee51e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b582293c0f47373311893252198e3e8fb14b3c84dafd107f4f9e90cd20ee51e
Size

88KB
MD5

0c34ab7fc11b2d4c139de3ba8359cc6d
SHA1

1dc3fa962efce093f17d6d58b7e941627f0dc499
SHA256

8b582293c0f47373311893252198e3e8fb14b3c84dafd107f4f9e90cd20ee51e
SHA512

d34d063bbaa3a9ad4faf72e2f1b4fd92d9bc43ac1da41d4b3b111e955e3c893be48309cea790abd3ccb18d57b0d9db7e09dae242cf19b82f4cc872926a8f8d10
SSDEEP

1536:STrq33eQqoUgV5TGk0l5gtFuVM20AGx7pAeVCtBFllOF356m/jGevoHRB:SP2915ykC55C2GzRel03QmvwHX

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.actual-travel.biz
Port:
587
Username:
[email protected]
Password:
xVd0oorDm89;
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/808128a70a02906736f9470ce5659f7f

Files

8b582293c0f47373311893252198e3e8fb14b3c84dafd107f4f9e90cd20ee51e
.zip
808128a70a02906736f9470ce5659f7f
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ