Behavioral task: behavioral1
Sample: 6a7ae322269fde1d1745b0dd5b7c5a47dec8ca798435cdc65c78bb9ddbaca925.exe
Resource: win11-20240802-en
General
Target: 6a7ae322269fde1d1745b0dd5b7c5a47dec8ca798435cdc65c78bb9ddbaca925.zip
Size: 97KB
MD5: f48abea02f4e54c2930a832def823eda
SHA1: aec097710b00673546e294f2b3c2bbe6e26a47a3
SHA256: 5e0ef440817d96bb71f7da4674c82fd9bc8d69a3ba939c0cf0f7f2b7b2318fd7
SHA512: d1440711228b043bf65798880f232add11750a2829808dc411a92e9c7060d4746a8de751e42acdc7b945f0b1b4482beea84895a6cf3fc9b24ca81511436bc9b3
SSDEEP: 3072:bgDGsxMGwh3wJClcyaFS1AeOYX9np958amEq1YA9:bg6HbAJCls8AenMYA9
Malware Config
Signatures
AgentTesla payload (1 IoCs)
resource: static1/unpack001/6a7ae322269fde1d1745b0dd5b7c5a47dec8ca798435cdc65c78bb9ddbaca925.bin
yara_rule: family_agenttesla
Agenttesla family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/6a7ae322269fde1d1745b0dd5b7c5a47dec8ca798435cdc65c78bb9ddbaca925.bin
Files
6a7ae322269fde1d1745b0dd5b7c5a47dec8ca798435cdc65c78bb9ddbaca925.zip.zip
Password: infected
6a7ae322269fde1d1745b0dd5b7c5a47dec8ca798435cdc65c78bb9ddbaca925.bin.exe windows:4 windows x86 arch:x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 214KB - Virtual size: 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ