agenttesla | d6a922922f152f59c252c7a922b0b09e_JaffaCakes118 | Triage

Sharing

General

Target

d6a922922f152f59c252c7a922b0b09e_JaffaCakes118
Size

192KB
MD5

d6a922922f152f59c252c7a922b0b09e
SHA1

b13203b255a9fc24611f017b59a92b242db5723e
SHA256

af3cae1ae18f28bae10b1e1143855d1a5483d1cb2d5305c18d4e7aa61b2e9507
SHA512

3d3bd89c3b44d801a8512c430e702694612c4670c804df7ff385018fe466ef1ff886995481a727be0c15bcd4a32322790920bb3b8cc5c15947cef3ff2d28bcd0
SSDEEP

3072:9s38eKqxUzx2tiSU6b555r13q5a1QW3dQetxiEWFpbkEe/141/8AqUas6/5:9g7UyU67Q6d/EZ9qUa

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.1and1.es
Port:
587
Username:
[email protected]
Password:
elsecreto2019

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
sample	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6a922922f152f59c252c7a922b0b09e_JaffaCakes118

Files

d6a922922f152f59c252c7a922b0b09e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ