agenttesla | 2884-45-0x000000006F920000-0x0000000070982000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2884-45-0x000000006F920000-0x0000000070982000-memory.dmp
Size

16.4MB
MD5

b18560ca4ea77b86023fa10cbcbf954a
SHA1

1f07dde39b5195356f396297bce356d0556bc146
SHA256

5c569afd014fb70b3845415fb35c746e658918e6ef8973f23a1c2912836d52b9
SHA512

6b6a89bc37b02f532a24f2e56812e6c4d478dce585a1d0d729d3cd62b008d0a97423c1227920c28bcf8c55b93f301fe19a8462307a02c5ef1c2c7718d7d54fb1
SSDEEP

3072:/FJvf8yymr74X1LcWFJXnUiWMQXQF2eXwbDcvHnpM:b8Fmr74X1LrJXnUiWTXHmnR

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.customcedarfencesmichigan.com
Port:
21
Username:
[email protected]
Password:
V#!rawb#6aS%

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2884-45-0x000000006F920000-0x0000000070982000-memory.dmp

Files

2884-45-0x000000006F920000-0x0000000070982000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ