agenttesla | KeywordKing[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KeywordKing.exe
Size

2.9MB
MD5

da3725bb70ed56821687eaf2cba15c78
SHA1

f557e7e8693d969735d32f99c8f42d5ba01d1fae
SHA256

e3e6d51994bc22985115fbe9a4a3e05da5a28cd3e516847d64eba894158b37d9
SHA512

588b3d9037bf45c63d70d8f1ca60fe37f580f794fa440201ce6af2c2ebfc7bfe87de9d0439a93499db01254d643214a0a3b18442b06c573588a12b27fb0a8613
SSDEEP

49152:DTIYbGQdAjED+aE0LaiIve+mbrErGEVV1BCjB:DThbGQdAjED+aE0LaitrErr

Score

10^/10

agenttesla

Malware Config

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
sample	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KeywordKing.exe

Files

KeywordKing.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

KeywordKing.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ