General

  • Target: 4800-142-0x0000000000400000-0x0000000000430000-memory.dmp
  • Size: 192KB
  • MD5: 700c0595cd2a7693c95e71e17c0242e1
  • SHA1: 65f4aa4d05fdbe95a20fe75c59c048e3e45191ac
  • SHA256: ef1ee88024e961b1bc1b94f2389e3927cfd1c6a38d2b13280238663bd1cf8602
  • SHA512: 9f7b4ed28891be1f79eff94b14d02c24f433d45653844af65183af8f2591a428384e2ce927de4989ba6aed01f66eef8c1388a9be7760d31fb450332e6b6ff2f4
  • SSDEEP: 3072:qOEh7xgFtuukVi+l4jp5d3P/Lx+FvDyY7qab7HzU2tcB90JnvM25:qOEh7xgFtuNIO6p5Rj4vtmAM22B0nv

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://valvulasthermovalve.cl
  • Port: 21
  • Username: [email protected]
  • Password: LILKOOLL14!!

Signatures

  • Agenttesla family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • 4800-142-0x0000000000400000-0x0000000000430000-memory.dmp
    .exe windows x86