agenttesla | 540-292-0x000000006FA20000-0x0000000070A82000-memory[.]dmp | Triage

Sharing

General

Target

540-292-0x000000006FA20000-0x0000000070A82000-memory.dmp
Size

16.4MB
MD5

abdd87514c16e520e1a741ad972f726a
SHA1

538cd1351d5513b470ab3122479deacb4167f2a1
SHA256

25054755292895d7d738467d0a700a5a6514524bab6934c9dd4dd28fd761a10e
SHA512

5dbb7f7aea2c277567e011f144a4152c4fb122123a1cf22d071ea2be0d6ee7bebc138e66dcb770e6a9fbd256e2fac38f7b5c76e4e12d2a4a83c045aef41569f8
SSDEEP

3072:DlIja/OSw0wAWa93/9oWKc96YaLy5fRZjgCz:BIja/OSw0wAWa93/97KJYaLsj/

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.omamontaggi.it
Port:
21
Username:
[email protected]
Password:
pass@A12345@

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
540-292-0x000000006FA20000-0x0000000070A82000-memory.dmp

Files

540-292-0x000000006FA20000-0x0000000070A82000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ