agenttesla | samples[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

samples.zip
Size

7.0MB
MD5

5d38df343650fc8ffb48fd7b2d9ab480
SHA1

6dc3380f3952d06e446a10819a17196366221f1c
SHA256

975ec4a6250960b45606ce9c155560c3283a3df4ffab69ec81f8cabdbc714b0e
SHA512

202f2e6920d09c946408ac19922797a8cebda81417d82b5085a2d5be17b857d215d8ab29bbee4619c18657242f75059796cc4f59c07f07fd145ea722867a8acf
SSDEEP

196608:MSm1UwXO5KKD++70lt0qpFalPd1ULrE+B8hBEAYJJn6UOmp:y1U5KKD+jjRpFMArE+ByErJJn6UO6

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
s1.20mb.nl
Port:
587
Username:
[email protected]
Password:
Regina8712
Email To:
[email protected]

Signatures

AgentTesla payload 1 IoCs

resource	yara_rule
static1/unpack008/bea9fc669319cd16df759974397e79c05e7565e75ca7c052af346e08b5f1d13a.exe	family_agenttesla

Agenttesla family
agenttesla

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0.dll
unpack004/933511776c5c34172b315807d11ecdd0c802f94492cace5c7127d1ddf47b2c82
unpack006/62bc8624b6ed645ddbe1420ca67376863c88e58e347fc8282001a2b9e3330918
unpack008/bea9fc669319cd16df759974397e79c05e7565e75ca7c052af346e08b5f1d13a.exe

Files

samples.zip
.zip

Password: infect
0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0.zip
.zip

Password: infected
0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0.dll
.dll windows:5 windows x86 arch:x86

Password: infect

cd8ebea09892dc08987d62be19403754

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetUpdateRect
IsWindowEnabled
GetKeyboardLayoutNameW
ShowOwnedPopups
InvertRect

setupapi

SetupVerifyInfFileW
SetupDiGetClassDevsW

gdi32

GetPath
GetEnhMetaFilePaletteEntries

advapi32

SetEntriesInAclW
GetSidIdentifierAuthority
RegCloseKey

shlwapi

PathCompactPathW

kernel32

SizeofResource
GetProfileStringA
CommConfigDialogW
CreateMutexW
GetGeoInfoW
GetModuleFileNameA
DebugActiveProcess
GetStringTypeExW
GetNumaHighestNodeNumber
WriteProfileStringA

rpcrt4

RpcStringBindingComposeW

winspool.drv

GetPrinterDriverW

ole32

CoRegisterClassObject
OleQueryLinkFromData
STGMEDIUM_UserFree

winscard

SCardIntroduceCardTypeW

version

VerQueryValueW

wintrust

CryptCATAdminRemoveCatalog
WintrustGetDefaultForUsage

winmm

mixerGetLineInfoW

msvcrt

memset

Exports

Exports

RoonlpvfdRoomvlof

Sections

.text
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.crt
Size: 65KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
220112-dmhzqsbabn_pw_infected.zip
.zip

Password: infected
933511776c5c34172b315807d11ecdd0c802f94492cace5c7127d1ddf47b2c82
.dll regsvr32 windows:5 windows x86 arch:x86

Password: infect

d986dd84d593c1266f1531c47644f308

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetFileType
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
HeapSize
VirtualQuery
HeapReAlloc
GetSystemInfo
ExitProcess
Sleep
GetCommandLineA
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
GetTickCount
GetModuleHandleW
GetFileSizeEx
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
CreateFileA
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetThreadLocale
GetStringTypeExA
DeleteFileA
MoveFileA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedDecrement
GetCurrentDirectoryA
FormatMessageA
LocalFree
MulDiv
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
GlobalGetAtomNameA
GlobalFindAtomA
MultiByteToWideChar
lstrcmpW
GetVersionExA
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
GetLastError
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
WideCharToMultiByte
CompareStringA
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
VirtualProtect
SetLastError
VirtualAlloc
VirtualFree
SetStdHandle

user32

SetWindowRgn
DrawIcon
MessageBeep
GetNextDlgGroupItem
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetMenuItemInfoA
InflateRect
CharUpperA
DestroyIcon
GetSysColorBrush
DeleteMenu
IsZoomed
LoadCursorA
DestroyCursor
EndPaint
BeginPaint
GetWindowDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
SetWindowContextHelpId
MapDialogRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
LoadIconA
CreateMenu
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
GetDlgCtrlID
UpdateWindow
EnableWindow
WindowFromDC
GetWindowRect
InvalidateRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
PostThreadMessageA
GetTabbedTextExtentA
WindowFromPoint
RegisterClipboardFormatA
SendDlgItemMessageA
SetTimer
KillTimer
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
ShowOwnedPopups
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
ReleaseDC

gdi32

GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
GetViewportExtEx
GetViewportOrgEx
PatBlt
CreateRectRgnIndirect
GetTextMetricsA
GetTextExtentPoint32A
GetCharWidthA
CreateFontA
StretchDIBits
CreateFontIndirectA
GetTextColor
GetRgnBox
GetMapMode
CreateEllipticRgn
LPtoDP
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetWindowOrgEx
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
CreatePen
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCA
DeleteDC
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
DPtoLP
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
PolyBezier
SetPixelV
GetPixel
BitBlt
RoundRect
Rectangle
Polygon
Ellipse
Polyline
Arc
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
ExcludeClipRect

comdlg32

GetFileTitleA

winspool.drv

GetJobA
DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

DragFinish
ExtractIconA
SHGetFileInfoA
DragQueryFileA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

oledlg

ord8

ole32

CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoInitializeEx
CoCreateInstance
CoUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleInitialize

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy

Exports

Exports

DllRegisterServer

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
220113-lamfdshaa9_pw_infected.zip
.zip

Password: infected
62bc8624b6ed645ddbe1420ca67376863c88e58e347fc8282001a2b9e3330918
.exe windows:4 windows x86 arch:x86

Password: infect

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 572KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
220116-bncs1afbc6_pw_infected.zip
.zip

Password: infected
bea9fc669319cd16df759974397e79c05e7565e75ca7c052af346e08b5f1d13a.exe
.exe windows:4 windows x86 arch:x86

Password: infect

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
220419-abax7sdffq_pw_infected.zip
.zip
3ec811757abece5eeb8d73fce8770390b5714b16e075c2558de050205cd8c8e9.zip
.zip
44706c08266d280e6676bc6ebf3c13b20ebd16de2c5cf15d8be020d0d0d74fbe.rar
.rar
57800373ef6281de3f09ea995703c2307c548717622244573a76e843a9c7b115.zip
.zip
61a47ebee921db8a16a8f070edcb86b5efd47a8d185bf4691b57e76f697981f9.bin.zip
.zip
Caff54e1.bin.zip
.zip
QUOTATION REQUEST-77464563548764577.bin.zip
.zip
SecuriteInfo.com.W32.MSIL_Kryptik.GIP.genEldorado.24848.27027.zip
.zip
_____WGA45-J20.exe.zip
.zip
a.js.zip
.zip
dbS6VfB.bin.zip
.zip
maxhkjfd768.bin.zip
.zip
qakbot,vir.zip
.zip
wi8cp0.bin.zip
.zip

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infect

Password: infected

Password: infect

cd8ebea09892dc08987d62be19403754

Headers

DLL Characteristics

File Characteristics

Imports

user32

setupapi

gdi32

advapi32

shlwapi

kernel32

rpcrt4

winspool.drv

ole32

winscard

version

wintrust

winmm

msvcrt

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 26KB

.rdata Size: 129KB - Virtual size: 128KB

.crt Size: 65KB - Virtual size: 72KB

.rsrc Size: 1024B - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

Password: infected

Password: infect

d986dd84d593c1266f1531c47644f308

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 391KB - Virtual size: 390KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 151KB - Virtual size: 165KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 49KB - Virtual size: 48KB

Password: infected

Password: infect

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 572KB - Virtual size: 571KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

Password: infect

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 25KB - Virtual size: 26KB

.rdata
Size: 129KB - Virtual size: 128KB

.crt
Size: 65KB - Virtual size: 72KB

.rsrc
Size: 1024B - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 391KB - Virtual size: 390KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 151KB - Virtual size: 165KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 49KB - Virtual size: 48KB

.text
Size: 572KB - Virtual size: 571KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 214KB - Virtual size: 213KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B