agenttesla | 3740-12-0x00000000073A0000-0x00000000073E0000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3740-12-0x00000000073A0000-0x00000000073E0000-memory.dmp
Size

256KB
MD5

8a081a4f6c497c60c6e72dfabfe30326
SHA1

e51a41d86fb54ef8749d84e5debde61412917b75
SHA256

c92c177da1773feadc83933935edb57564bbb7a2f3628dcf607c9cfe9107a9a7
SHA512

ab6dabd63355606b43e7af4f071e5ed9e5d84badddfa9f17c8830b8b90eb888ea148c173dfc717b3431ff6bc7fd6e24e6cad9b632ae37908487a560d4037ebb9
SSDEEP

3072:cn1LIeYAMw0NPh9vMD3OpEZIkZ3jkjBRA5n0oakc5:01L5YAMw0NPh9q3O+ZZwjTqal

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://mercuresurabaya.com
Port:
21
Username:
[email protected]
Password:
jkHbwX3v^V+W

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3740-12-0x00000000073A0000-0x00000000073E0000-memory.dmp

Files

3740-12-0x00000000073A0000-0x00000000073E0000-memory.dmp
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ