agenttesla | c7a05008c80ac856381ff6b6f5a13a1d05f141cef6bf2344f029eccece987d07 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7a05008c80ac856381ff6b6f5a13a1d05f141cef6bf2344f029eccece987d07
Size

82KB
MD5

ef5b14110892e90d3e5c6a895348d796
SHA1

33b48c3afb4fd665611b785d350f7dcb5026f244
SHA256

c7a05008c80ac856381ff6b6f5a13a1d05f141cef6bf2344f029eccece987d07
SHA512

7763747c310897f244b523973a8b7c645ba1298fb30869ca5d9855ead4ef53e74a3cf9858f08425a4a0b395b2d2462fe6afd008561e5de40c37fb9f9652609be
SSDEEP

1536:CIda1wC+0+prbwhrMBM6eVBu1HXUbIzGr1UgvuAIAXCGJuNZPccX44GX:Ldame+JbwhsMJrk34b1iv8M9cQ4J

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.grupovamex.com
Port:
21
Username:
[email protected]
Password:
bu%wqhrVi,Qv

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Winbankcopy.exe

Files

c7a05008c80ac856381ff6b6f5a13a1d05f141cef6bf2344f029eccece987d07
.zip
Winbankcopy.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ