agenttesla | rRevisedQuotation[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rRevisedQuotation.exe
Size

245KB
MD5

a3164b25a785cd6ebee79f42912c839b
SHA1

22bb441e4bbe64fd23c49a87a2e17133674a523a
SHA256

7a976ca005082ab7acea1a46330935bfdfeedf70f37f1707122b7335fa7201ae
SHA512

c450caeab4f87a32e8c277cbffff38556b3cc40b77b59e06c783541de3203b5b94356eb770e1c182c1a984b0ed31183824c2678e9bb6ce1290816b45cb8a2e2e
SSDEEP

3072:bloHvUQkoUEmxeoZUgOo8MPKEuH/tCYq05a4jJCCKE:bmvUQkoUEmxpZUgShCYqfsJ3

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.softtricksmedia.com
Port:
587
Username:
[email protected]
Password:
soft#!7som7
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rRevisedQuotation.exe

Files

rRevisedQuotation.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ