Behavioral task
behavioral1
Sample
f446f3daed76fa4d1fdfde1e00e9348ced91853662ba953e9beb8f0ac6450126.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
f446f3daed76fa4d1fdfde1e00e9348ced91853662ba953e9beb8f0ac6450126.dll
Resource
win10v2004-20240704-en
General
-
Target
f446f3daed76fa4d1fdfde1e00e9348ced91853662ba953e9beb8f0ac6450126
-
Size
2.1MB
-
MD5
c05cf8543a06cf77ba8e3d03c1b39870
-
SHA1
40d53bcdc940fafccf02404866d9d917c0a84696
-
SHA256
f446f3daed76fa4d1fdfde1e00e9348ced91853662ba953e9beb8f0ac6450126
-
SHA512
07b959fab63ccf77072b70ae89f1ccc047fa4ba00fedff8503688125d9a2ca284811d4fb5c9125ff0468dd077ad2aae719b3b22067156f5c8a806f16890b9145
-
SSDEEP
49152:w34QXpXwn9cQPHvrkYsIJLBOrOcNTMzFon:wIQgcT
Malware Config
Signatures
-
AgentTesla payload 1 IoCs
resource yara_rule sample family_agenttesla -
Agenttesla family
Files
-
f446f3daed76fa4d1fdfde1e00e9348ced91853662ba953e9beb8f0ac6450126.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:dbCertificate
IssuerCN=Sobatdata Root CANot Before23/10/2019, 05:22Not After22/10/2025, 17:00SubjectCN=Sobatdata Software0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
a1:02:21:ee:07:c6:a0:d6:63:b6:2b:15:80:7b:83:b5:46:eb:8a:ebSigner
Actual PE Digesta1:02:21:ee:07:c6:a0:d6:63:b6:2b:15:80:7b:83:b5:46:eb:8a:ebDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ