agenttesla | c47970fb86262704cecdc3652c4efbe8256d4b575a468fb69be3201da62c9b5d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c47970fb86262704cecdc3652c4efbe8256d4b575a468fb69be3201da62c9b5d
Size

428KB
MD5

ffa350cfd22a47abfd22683df1450122
SHA1

98f6c56cbdf16021e032d2bd76fab6764a49793e
SHA256

c47970fb86262704cecdc3652c4efbe8256d4b575a468fb69be3201da62c9b5d
SHA512

66c45bf4f659619b1c69a114e3a38c39e96f055447bd8fe2f2658e8792ba6f99246e76d3943842d38449887ae1caf3dccfc7674089659c9037e551a75120ffc5
SSDEEP

6144:567IiQEAcgw/Bi2s2R27+3FTpj0stvLGyELbMUTKZ:yQEAcgiBizOX0SiyyjK

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.code-jet.com
Port:
21
Username:
[email protected]
Password:
E_Qq;Q[rN^!V

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c47970fb86262704cecdc3652c4efbe8256d4b575a468fb69be3201da62c9b5d

Files

c47970fb86262704cecdc3652c4efbe8256d4b575a468fb69be3201da62c9b5d
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ