Behavioral task
behavioral1
Sample
3668-138-0x0000000000400000-0x000000000043C000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3668-138-0x0000000000400000-0x000000000043C000-memory.exe
Resource
win10v2004-20221111-en
General
Target
3668-138-0x0000000000400000-0x000000000043C000-memory.dmp
Size
240KB
MD5
39d8da0e0b49b884bfb5048aa22cda96
SHA1
ec0f16bb1cf94ae21f3f8e3dc4ce90cafb6cff52
SHA256
e1d213c71e9204244ee66f5a1f4280a0c60033506e2cbdb44273200fa1320895
SHA512
fac9d0cde5b06686ec8ec3172812e730e5d36aadd314e74aa7240002f3b9417e064a90877d7b2d728d6787ceced75c24b3da6d43e52d103a65b404719330449b
SSDEEP
6144:gUpcgUTg+bpjUk95/i3K/6x2QE53yrQw1:1cgl0pd68S1
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.peva.it
Port: 21
Username: [email protected]
Password: Team2318!@#
Signatures
Agenttesla family
Files
3668-138-0x0000000000400000-0x000000000043C000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ