General
-
Target
5036290x00000000013000000x00000000013BA000memory_JC.dmp
-
Size
744KB
-
MD5
2ce60d3bd8e15a43b0638b5bd626ec81
-
SHA1
cfae6961f05401cccd97723c6248fb7e874fd577
-
SHA256
e87fb774343afbe11338e7357bdbbca54d7c8d059ef2dcbddf12141441e03a27
-
SHA512
5bc8d6e865c27e61d776d24fc540ebd0646e4bdba09f38d07db26dd21fff81002dc1c7981866df708790f0dbe4fbefc099e829be625f2c35277cc24da6e445f2
-
SSDEEP
6144:4pu1edUHCMkSYbEzCRsfVO5Hy9ffJW5zdgo9TTlMWjx0L0RFUEB66E3oumu21GoR:517gkUc0t7B1RgIbSlfkvxJh
Score
10/10
Malware Config
Signatures
-
Agenttesla family
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
5036290x00000000013000000x00000000013BA000memory_JC.dmp
Headers
Sections