agenttesla | 2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06
Size

215KB
MD5

63887685de620285c0f90e507b61570d
SHA1

f1ec526bebf67480a4958e92a38a0d5eb3e2ee8f
SHA256

2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06
SHA512

17d47f36c55aa965ff27dea70589f97987f827643b088c263b8034ba7b9d379c832add2a3bd087df21101800e0b723a1488b434354c1ee0748c1708e00513e29
SSDEEP

6144:mdsKl5UQFpO5jWZ4awaeJ9eZq8KbW8juDW:vi65jWZRebe

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
secure.emailsrvr.com
Port:
587
Username:
[email protected]
Password:
R2ERAr63cBEYaX2Z
Email To:
[email protected]

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
sample	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06

Files

2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ