agenttesla | 1388-6-0x0000000000400000-0x0000000000470000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1388-6-0x0000000000400000-0x0000000000470000-memory.dmp
Size

448KB
MD5

f1ce6972e242779382c59a8081f571ff
SHA1

7b4983a8c340baf3f0432b7791584a9181ceafbd
SHA256

f2cfa677b7f20e89378e6a439b1c2e50f8d16f0fc4b81e91661d3d70dd208203
SHA512

2c1d650800e53b0d4ac42e489fa061aa222470d646d6f65591910aa2d800395639c416a6072da8ec13615eed5d7717698efab8d04694c6a9a57be83da7d5bf20
SSDEEP

6144:Wv67updRtZ8YGvN7bnCRn6/H7+bU+A61stvLGyELbMUTKZ:EpdRtZzGvN7f7+B1SiyyjK

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.code-jet.com
Port:
21
Username:
[email protected]
Password:
4+i)Wf,h^zRm

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1388-6-0x0000000000400000-0x0000000000470000-memory.dmp

Files

1388-6-0x0000000000400000-0x0000000000470000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ