agenttesla | 7847646a82f2e8118c085c790b12f095[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7847646a82f2e8118c085c790b12f095.bin
Size

84KB
MD5

dbad04826efd2e44ff1eef087f32dae2
SHA1

ba37076439cab056f29182dd99c6018999331464
SHA256

1fa1c97c3078786461d87dcfbad80acb02ee857a5e744b1ee9bee975c49449a4
SHA512

a1486f5f88988b49a29e04aaeb756c2dcfa0c69fe4ea7a0f4d59d7a88a6fe68c48528913467bb5104b80043787a9498c66b519af8732e9ce677f3880df89ea6d
SSDEEP

1536:KtqkmWtXOUZTl/fV9WsAsiYD7ZJ1NV6SPAaO08SWmEVCcDSo4DYamzc1SSi69:KwUe6l3Wjsi6J17I7SWmEsbNuM

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp8nl.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
@qwerty90123
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0f59ce549544ddeaf45168bce4908445413c92c48b7baaefd317e36658796642.exe

Files

7847646a82f2e8118c085c790b12f095.bin
.zip

Password: infected
0f59ce549544ddeaf45168bce4908445413c92c48b7baaefd317e36658796642.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ