Behavioral task
behavioral1
Sample
1092-100-0x0000000000400000-0x0000000000440000-memory.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
1092-100-0x0000000000400000-0x0000000000440000-memory.exe
Resource
win10v2004-20231127-en
General
-
Target
1092-100-0x0000000000400000-0x0000000000440000-memory.dmp
-
Size
256KB
-
MD5
ff7e5dfdd534274988d36ce9f08a8b90
-
SHA1
e7a3ee14092d21bd108cc1e8aae2eb0268712050
-
SHA256
72cba8a21a8b3f2da25647e8318734a7c15ba2d433db6949da123d5384ff1fd3
-
SHA512
9214058ae47496b52ca79b2aa1686433d153fe774e3f9bcd678bb63501046ed38f703ad4f243113e4025e0247526ece46fd7076c7e25af090b61703ccefa87f1
-
SSDEEP
3072:1B/C7Xjnb3YS6PF3SrmIvt/0JFIvK75NKJpqs:P/C7XjnbIS6PF3SqIvSJFIvKmJ4
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.aksumer.com - Port:
21 - Username:
aksumerc - Password:
211116.kS*-
Signatures
-
Agenttesla family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1092-100-0x0000000000400000-0x0000000000440000-memory.dmp
Files
-
1092-100-0x0000000000400000-0x0000000000440000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 231KB - Virtual size: 230KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ