General
-
Target
1852-63-0x0000000000400000-0x0000000000430000-memory.dmp
-
Size
192KB
-
MD5
18933f4abb4feab2c590a25afa8f5164
-
SHA1
ef7a8fcb5fe06d50f0e69b3c122a604fc9b42d87
-
SHA256
683f4ebbb29eb3b1185b71867fda492af0d5b007acb783c3905a9ce5bd744c58
-
SHA512
d05eca0aa35095cf1711e5bbd52430fc10bbd56791500c72ab401d1211a2c809e37555a91d9eab4bb0c8b3e232fc362a7ee1098a5bb59ec2b044d898e78bf7e9
-
SSDEEP
3072:JHbkMN8o+cemNJEqIzYTX5uppj/vJZICJbyQIfc:1AcfEqxCkCJeQIf
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://royal-arois.com - Port:
21 - Username:
[email protected] - Password:
ENugu@042
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1852-63-0x0000000000400000-0x0000000000430000-memory.dmp
Files
-
1852-63-0x0000000000400000-0x0000000000430000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 165KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ