General

  • Target

    1576-1392-0x0000000000400000-0x0000000000430000-memory.dmp

  • Size

    192KB

  • MD5

    5dc00a4a8f91eaf3de4f50aa0da6a483

  • SHA1

    8a1525944eeda6a9d5f88435c8d4c5f77b89374d

  • SHA256

    2fdd7d2b4ce32c2dbd29966c8b84bbb22be79b9c24ce2ae9311e696ba8739b86

  • SHA512

    5628ee3a225b3e28395cdaec115f27fb7d08c8b06050cdd403e78e2c664247a955ba7445d92dc3a4f6088a2db6b5022e52af150c4b9b8a8fb863e60d94fee129

  • SSDEEP

    3072:GWvgVuQs0bkjKOh2KYivLi43r1orKh99/lbcnnnP3fS1qoe:GW4VuQsrhIk73s29/lbcnPvS1

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://files.000webhost.com
  • Port:
    21
  • Username:
    tain00
  • Password:
    computer@2020

Signatures

  • Agenttesla family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1576-1392-0x0000000000400000-0x0000000000430000-memory.dmp
    .exe windows x86

