General

  • Target

    2480-1401-0x0000000000400000-0x0000000000430000-memory.dmp

  • Size

    192KB

  • MD5

    e88b4f947f2ce05c8b9f7902361cd496

  • SHA1

    666d462efb5ed3669cf55d824120026d6631a792

  • SHA256

    9a5688c0927ede41e720aedbfd82120be6c28f972d7ee7546c57be9494b98ce5

  • SHA512

    08205c913a5143afbb9836e4cf75cc130521c943ff9855d448327800376351e062742eb4fd29b5963f9020f9ccc45f8a8765f2d7637ff166080e3a523d5bc383

  • SSDEEP

    3072:VjwsZYS91qWJbR1AhTjRjN1TeuoFTVTz/g/HSUo+hkTz3VAviwt:VjwsZYS9FbAhx51ATlgrklAv

Score

10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://files.000webhost.com
  • Port:
    21
  • Username:
    socoxx
  • Password:
    computer@700

Signatures

  • Agenttesla family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2480-1401-0x0000000000400000-0x0000000000430000-memory.dmp
    .exe windows x86
