AgentTesla[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

AgentTesla.zip
Size

2.0MB
MD5

983f1503dc3e8c490843b7ccebc94707
SHA1

b12f48268e5027ae1b144351e14f101c22e7131e
SHA256

805d396aaac465a07010d9035a4f6cae6cd911e2f6b7e9ab9586ddb8d60bceca
SHA512

734873f4f5bfe16e47ba5b2a79b99c7db92dba986da214dbc77a5588e31dfc4c485e7e15d4d19e56679012d13d7a34dc4be829ab6e0b8c12f7ad292ecc6cd94d
SSDEEP

49152:azP2DsPCSVN8mO8grMUPTOqxxhX/uifdFv:azPLViNlMUiYxhX/DL

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack003/shipping documents.exe
unpack005/shipping documents.exe
unpack001/AgentTesla/d6da864003f7e52db5c94d1381b7ac890f3dcfae1dfd2dc245e8a18a6590d29a/d6da864003f7e52db5c94d1381b7ac890f3dcfae1dfd2dc245e8a18a6590d29a/shipping documents.exe

Files

AgentTesla.zip
.zip

Password: infected
AgentTesla/d6da864003f7e52db5c94d1381b7ac890f3dcfae1dfd2dc245e8a18a6590d29a.zip
.zip

Password: infected
d6da864003f7e52db5c94d1381b7ac890f3dcfae1dfd2dc245e8a18a6590d29a.rar
.rar

Password: infected
shipping documents.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

hqwK.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 776KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AgentTesla/d6da864003f7e52db5c94d1381b7ac890f3dcfae1dfd2dc245e8a18a6590d29a/d6da864003f7e52db5c94d1381b7ac890f3dcfae1dfd2dc245e8a18a6590d29a.rar
.rar

Password: infected
shipping documents.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

hqwK.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 776KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AgentTesla/d6da864003f7e52db5c94d1381b7ac890f3dcfae1dfd2dc245e8a18a6590d29a/d6da864003f7e52db5c94d1381b7ac890f3dcfae1dfd2dc245e8a18a6590d29a/shipping documents.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

hqwK.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 776KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 776KB - Virtual size: 776KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 776KB - Virtual size: 776KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 776KB - Virtual size: 776KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 776KB - Virtual size: 776KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 776KB - Virtual size: 776KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 776KB - Virtual size: 776KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B