Overview

overview

10

Static

static

10

1472-56-0x...ry.exe

windows7-x64

1

1472-56-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    1472-56-0x0000000000400000-0x0000000000466000-memory.dmp

  • Size

    408KB

  • MD5

    21726bfa64064657586be0b84558cfc1

  • SHA1

    8541c7ad6418952490be57338d2ba8c4fa6db0af

  • SHA256

    09bad077850875b7cb42a954941d5daa0c4ac5f3f48adf693fab37115d9b0b05

  • SHA512

    b9a44a2c8f90ed9bdfb09d5ac67348934130631ab224a514665fe5275f2ab884d71860088e772418768180ec9ca069947dcc13d9a98081f6b3f63719cb3e8a47

  • SSDEEP

    3072:RJyIL/bj1lJkemtzcrxDydvvnyK7GuqGofUSJb4/UA9x4Cu7qhAp08FkGRnNrdfj:eenm8i6lGgbx3AvnhAp081nNVjqKoe

Score
10/10
agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.ercolina-usa.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Z4(Vbqads.ZI

Signatures

  • Agenttesla family
    agenttesla
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1472-56-0x0000000000400000-0x0000000000466000-memory.dmp
    .exe windows x86


    Headers

    Sections