General

  • Target

    268-63-0x0000000000400000-0x0000000000430000-memory.dmp

  • Size

    192KB

  • MD5

    b5c016a2f20fce935343a0552921884f

  • SHA1

    f4b2c383f0ecb12408d6d1cba43033ec3f01cf16

  • SHA256

    8f1e3d4fbfc801bd28b20be66bf9bc2931f8f5c614ef6648c757df328b6836d4

  • SHA512

    43b91a44c0709af45f62169bb26f33ce991e196748d58e2f94587eab25927e6639977ae6e27abf85f622d298822d8914d27d025a9d7cefb4ac62a7e22e5566a4

  • SSDEEP

    3072:qRYqy96OUtuot+mTv/oO8qdfYTiYnU1TUN0LZMdfpvtpFbGjUibU:qRYqy9pUtuosmMOb8zs5udpbQUi

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.grupomorales.mx
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    RtL%(A@PzBa(

Signatures

  • Agenttesla family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
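The "Unsigned PE" signature above is a header check, not a cryptographic one: a PE declares an attached Authenticode blob through data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) of the optional header, which points to a WIN_CERTIFICATE structure by raw file offset. The following is an added example, not code from the sandbox or the report, showing how such a check is performed in Python on a PE32 or PE32+ image. The sample images it runs on are constructed in the block itself (a header-only PE32 with and without a certificate entry); the function and constant names are ours.

```python
"""Report whether a PE header declares an Authenticode certificate table.

Added example (not from the sandbox report). Mirrors the "Unsigned PE"
signature: it inspects IMAGE_DIRECTORY_ENTRY_SECURITY (data directory 4)
and the WIN_CERTIFICATE header it points to. It does NOT verify the
signature; it only says whether one is present at all.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # PE spec: Certificate Table
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def authenticode_directory(data: bytes):
    """Return (file_offset, size) of the Certificate Table, (0, 0) if none.

    Raises ValueError when the buffer is not a parseable PE header.
    Note: unlike other directories, entry 4 holds a raw file offset, not an RVA.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    size_of_optional = struct.unpack_from("<H", data, fh + 16)[0]
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER
    if opt + size_of_optional > len(data):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dd_off = opt + 108, opt + 112         # 64-bit fields shift by 16
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, nrva_off)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)                                   # table too short for entry 4
    entry = dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_of_optional:
        return (0, 0)                                   # entry lies outside the header
    return struct.unpack_from("<II", data, entry)


def is_authenticode_signed(data: bytes) -> bool:
    """True if a plausible WIN_CERTIFICATE(PKCS#7) blob is attached to the image."""
    off, size = authenticode_directory(data)
    if off == 0 or size < 8 or off + size > len(data):
        return False
    # WIN_CERTIFICATE header: dwLength, wRevision, wCertificateType
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    return (length <= size and revision == WIN_CERT_REVISION_2_0
            and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA)


def build_minimal_pe32(cert_offset=0, cert_size=0, total_size=0x400) -> bytes:
    """Constructed test input: a header-only PE32 image with no sections or code.

    If cert_offset/cert_size are given, a WIN_CERTIFICATE header is written
    there so the image looks signed to a header-level check.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> PE header right after
    # Machine=i386, 0 sections, no symbols, 224-byte optional header, EXECUTABLE|32BIT
    file_header = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     cert_offset, cert_size)
    image = bytearray((bytes(dos) + b"PE\0\0" + file_header + bytes(opt))
                      .ljust(total_size, b"\0"))
    if cert_offset and cert_size:
        struct.pack_into("<IHH", image, cert_offset, cert_size,
                         WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA)
    return bytes(image)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe32()
    print("Authenticode present:", is_authenticode_signed(blob))
```

Two caveats apply to a memory dump such as the one in this report. The target here is a region dumped from a running process, so the Certificate Table entry, being a file offset into the original on-disk image, may point at data that was never mapped; a zero entry still means "unsigned" with confidence, but a non-zero entry cannot be cryptographically verified from the dump alone. Second, presence of a WIN_CERTIFICATE is not validity: a real verdict needs the PKCS#7 blob checked against the file's Authenticode hash and a trusted chain, which this header check deliberately does not attempt.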

Files

  • 268-63-0x0000000000400000-0x0000000000430000-memory.dmp
    .exe windows x86
