General

  • Target

    3508-148-0x0000000000400000-0x000000000062B000-memory.dmp

  • Size

    2.2MB

  • MD5

    a8706c5bdbac4b8d2114cdd7850a1081

  • SHA1

    57caa664303ba4d80deebf122eebd5139e3b02fe

  • SHA256

    6b5a234d74f67c89814580c7b381284880c159c7fd800a5e7b43bcb877bfdc9b

  • SHA512

    42ab0a9d7d8f7d3f73dc763521d97935d24252403c5c07f80dc0d83afaa57ec41b9146d4e06795d3bd7227091888e98d48e16cdd41bfe4c4bd7e9f8c19ec8e92

  • SSDEEP

    3072:OD0M/CQutuGc/auv5zcqAZKjo7zpXTdhVtkXlAChSo5Mxl3l:OD0M/CQutumuvoF3zeJEo5Mx

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.mgcpakistan.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    boygirl123456

Signatures

  • Agenttesla family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 3508-148-0x0000000000400000-0x000000000062B000-memory.dmp
    .exe windows x86
