Overview

overview

10

Static

static

10

2168-1386-...ry.exe

windows7-x64

10

2168-1386-...ry.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2168-1386-0x00000000050A0000-0x00000000050DC000-memory.dmp

  • Size

    240KB

  • MD5

    23cdecac7fae308b2ef8eafbad5785ef

  • SHA1

    c0577aabe7557307d4007ec5cce067f7cc96e31b

  • SHA256

    4652efbfc84b81316aa7975255ca89818b5c747c426d739a196171a5471db04c

  • SHA512

    66993b15c12017e7899c4a1702b1958c17218f029cc2bd67efa73799c2d2b450f48c19b2915f0001388a9d6b6afcdb93ae6374bf9195d1f7edc77c8883fc3630

  • SSDEEP

    3072:wGWE/j9hqoyRXi3Vya7PUskx1+t+IcQnWryzM8XpESoKVD9fh4XHMagtUo4i:wcyRXPmUd+UI3Xz1BVUTkUo

Score
10/10
agenttesla

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2041348144:AAECRP751u40yyZrAnCcqgQojlk0qhAbHig/sendDocument

Signatures

  • AgentTesla payload 1 IoCs
  • Agenttesla family
    agenttesla
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2168-1386-0x00000000050A0000-0x00000000050DC000-memory.dmp
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections