agenttesla | 2632-11-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

2632-11-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

8acc8e29ca7112256a92acfbe84e6608
SHA1

22ce6d5afd24aeaae0f71cf7ee156404db38b0e5
SHA256

6a58af9b4bbe1d7f3578607dc31f77a16810a5c79ee3e69ce2b9b0b2b18819a9
SHA512

fbb0be4a16cc849acdec9d31cbd0e45804050e5144ab72d7c6d70b374f597face24952792afff5d5b9f42231329b174d2f4cc3eb1278a22c1a36d26ff1e388fc
SSDEEP

3072:aNP81J6tpdRtlPXzRrmWenUPdzyq8rSC5mLz5Kln:MLtpdRtlPFmWenKFBWSp5Wn

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.mercuresurabaya.com
Port:
21
Username:
[email protected]
Password:
2ffPmXZ_5A{G

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2632-11-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2632-11-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ