agenttesla | 7481dee30f768b696327e2894a93c7c7[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7481dee30f768b696327e2894a93c7c7.bin
Size

84KB
MD5

fb8355e1cfba5b2aef739e513eebc1ae
SHA1

8d91559fe37eb57fe45321c7f6db2785e797a0b7
SHA256

2b0e8a1f29b79389bf27d80def8ce1555a8ffc23e2e245daa19c74b9696df6ea
SHA512

3a731d80ccd8d48a4457710ab3139e6149b1e7b44517170b650a2ad3679eb0ddbcde44b97243416d054023261b64df95a6ed68e8c4d50149962962597d88ecc4
SSDEEP

1536:38txRqmoVHS6RHSfiYlIGiJK9OHXxiimzCFZ5jPEE9gbR:oWJRiwG213x/m2JjPlqR

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.pakpearlintl.com
Port:
587
Username:
[email protected]
Password:
pakpearlintl.com
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0e5780e67bb7a9e84abfcab88ecae382f59b66905ec375ba0e8f7f7a3c3dac15.exe

Files

7481dee30f768b696327e2894a93c7c7.bin
.zip

Password: infected
0e5780e67bb7a9e84abfcab88ecae382f59b66905ec375ba0e8f7f7a3c3dac15.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ