General

  • Target

    2280-8-0x0000000000930000-0x000000000096C000-memory.dmp

  • Size

    240KB

  • MD5

    5829446a5b67f420765362b12a60645f

  • SHA1

    09dd8f19e3ca6fec883df1bd848b3947e62b9f13

  • SHA256

    f4c89cc33ca8daa6c6b39322e1e62605cd01ba71d68b7fb570ff00affec6b5a2

  • SHA512

    19abff108c01d785e12486f9646ff63fa2a36757011d43b230012a53e40643d4c8083e833156115151cb6451f9ca27325c1f17e49894346dd91b1d33d10bc40f

  • SSDEEP

    3072:cmQ5xDOxLgPX7FdtXEwAu1sKUvlcNGJR9X1eStP1luF4QJpqbj0vl4r0o7WwJQYO:cxawfUeAR9xNluFDqkvc0w1Ul

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.ocp.mx/
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    lasco4000

Signatures

  • AgentTesla payload 1 IoCs
  • Agenttesla family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2280-8-0x0000000000930000-0x000000000096C000-memory.dmp
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
