agenttesla | 605c91c3cb8341ebc6892bf6512e5a676d2cc7dae9051e195bc792ae7edb0b79 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

605c91c3cb8341ebc6892bf6512e5a676d2cc7dae9051e195bc792ae7edb0b79
Size

235KB
MD5

4e7f5e2d1d0f67ce6e5a9e3570db2760
SHA1

1c9433df6ed6f3375707a62899752a93fda8e5c0
SHA256

605c91c3cb8341ebc6892bf6512e5a676d2cc7dae9051e195bc792ae7edb0b79
SHA512

9f43f88a926e3a2330d31fadbd2905f8b7b2a6aa7c2c159b5a222e08701002f643b98e0ed6d2c124495254d2ec7c2bf6b2662d055b505026933751a28a4268b9
SSDEEP

3072:oIJyuSMYf3B5HW/PY5f9Le9hnLHYg5f3lUfc5:xyuSMYf3B5HWnY5VLennLHYIlo

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ekolev.com.tr
Port:
587
Username:
[email protected]
Password:
Ekol.1071
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
605c91c3cb8341ebc6892bf6512e5a676d2cc7dae9051e195bc792ae7edb0b79

Files

605c91c3cb8341ebc6892bf6512e5a676d2cc7dae9051e195bc792ae7edb0b79
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ