agenttesla | 625774c58a561cbf3a1fc595818d3eb5b0eb7e86a39a9bfb43b1a2e5efb69ea8 | Triage

Sharing

General

Target

625774c58a561cbf3a1fc595818d3eb5b0eb7e86a39a9bfb43b1a2e5efb69ea8
Size

318KB
MD5

982d0e9135def601987302958b5ec99b
SHA1

221da65289239725e2bbc646bf4302075880b947
SHA256

625774c58a561cbf3a1fc595818d3eb5b0eb7e86a39a9bfb43b1a2e5efb69ea8
SHA512

5fac509b2f4821557ab1675549254a4a849b4d5279317ca04f976655299fd921447ae44acfdc79ada2896d3656af638032ca49af0ec44d480244cc6195e3abf7
SSDEEP

6144:fJZaAQUa+HXTq6IFUmIpPXOVlA4aCS1U3hC:fJZtaCeLKWVe47SS3

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.heidloph.com/
Port:
21
Username:
[email protected]
Password:
EUjZJ)6(1=CL

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
sample	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
625774c58a561cbf3a1fc595818d3eb5b0eb7e86a39a9bfb43b1a2e5efb69ea8

Files

625774c58a561cbf3a1fc595818d3eb5b0eb7e86a39a9bfb43b1a2e5efb69ea8
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ