agenttesla | 94e6375f2c717ce7ea4fd191695ef24b439dd38a47d19825c2addd9ed42ec519 | Triage

Sharing

General

Target

94e6375f2c717ce7ea4fd191695ef24b439dd38a47d19825c2addd9ed42ec519
Size

325KB
MD5

fbf91020a49737968f0b66809344be70
SHA1

48461c8c23347453ba4cda2b0827f4fe579e2989
SHA256

94e6375f2c717ce7ea4fd191695ef24b439dd38a47d19825c2addd9ed42ec519
SHA512

94f43507706368b99e8db03a56d3b62850595046827972a117912b8478bc9bd52fff80aaab062e8290d8b9bf16ac5f85b6f90bc6e300038258794cfc3b1c1f16
SSDEEP

6144:RQlBVcATm8dlABtRXdtOjRNTJnXzCQ49vZ7iLbEbo:RQJlABtRbKOZ7

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server257.web-hosting.com
Port:
587
Username:
[email protected]
Password:
pLt8$B@JXfOJ

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
sample	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94e6375f2c717ce7ea4fd191695ef24b439dd38a47d19825c2addd9ed42ec519

Files

94e6375f2c717ce7ea4fd191695ef24b439dd38a47d19825c2addd9ed42ec519
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ