General

  • Target

    2912-14-0x0000000000400000-0x0000000000440000-memory.dmp

  • Size

    256KB

  • MD5

    63368e849b1c89316fc76ea19853a1e5

  • SHA1

    13aa40d53e707306e5649b94ff5b62ecf2c7781a

  • SHA256

    cec97d1c3bbc689ad9e21173dc18300aeefa790eef46000cb488cc8a9c556d43

  • SHA512

    82f428a03d58c4807c4c412bc7e2392204e6d44a8238231dd90f8d46a6f9600873eaa47226f689c3a3395ca6e25429e23215de5b977761219203da22fc7d9f26

  • SSDEEP

    3072:DJgFUgsw0CmcXhNDTwMPkUCtYeNb5shjCa5U:1gFUgsw0CmcXhNDUMsUSnyjt5

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.normagroup.com.tr
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Kingdom12345@
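The extracted FTP config turned into detection logic and run over constructed log lines. This is an added example written for this page, not code from the sandbox or from the report; the DNS/FTP log format is an assumed, simplified one, and because the account name is obfuscated on the page the USER line carries a placeholder and only the host, port and password are used as indicators.

```python
"""Detection derived from the extracted AgentTesla FTP config (host, port,
password), applied to constructed DNS and FTP control-channel log lines."""
from collections import defaultdict

# Indicators as extracted on this page (username omitted: obfuscated on the page).
CONFIG = {"protocol": "ftp", "host": "ftp.normagroup.com.tr", "port": 21,
          "password": "Kingdom12345@"}

# Constructed sample events (not from the sandbox run). Two assumed line shapes:
#   <ts> DNS <client> <qname> -> <answer-ip>
#   <ts> FTP <client>:<port> -> <server>:<port> <COMMAND> [<argument>]
SAMPLE_LOG = """\
2024-05-01T10:00:00Z DNS 10.0.0.5 ftp.normagroup.com.tr -> 203.0.113.10
2024-05-01T10:00:01Z FTP 10.0.0.5:49152 -> 203.0.113.10:21 USER placeholder-account
2024-05-01T10:00:01Z FTP 10.0.0.5:49152 -> 203.0.113.10:21 PASS Kingdom12345@
2024-05-01T10:00:02Z FTP 10.0.0.5:49152 -> 203.0.113.10:21 TYPE I
2024-05-01T10:00:02Z FTP 10.0.0.5:49152 -> 203.0.113.10:21 STOR creds.html
2024-05-01T10:05:00Z FTP 10.0.0.7:50001 -> 198.51.100.20:21 USER anonymous
2024-05-01T10:05:00Z FTP 10.0.0.7:50001 -> 198.51.100.20:21 PASS guest@example.org
2024-05-01T10:05:01Z FTP 10.0.0.7:50001 -> 198.51.100.20:21 RETR readme.txt
"""


def detect_agenttesla_ftp(lines, config=CONFIG):
    """Return one alert per FTP session (client, server:port) that either talks
    to an IP the configured exfil host resolved to on the configured port, or
    authenticates with the configured password. STOR arguments are collected as
    the files pushed to the server."""
    lines = list(lines)
    resolved = {}  # answer IP -> configured host name (DNS pass runs first)
    for line in lines:
        parts = line.split()
        if len(parts) >= 6 and parts[1] == "DNS" and parts[4] == "->":
            if parts[3].rstrip(".").lower() == config["host"].lower():
                resolved[parts[5]] = config["host"]

    sessions = defaultdict(lambda: {"reasons": set(), "uploaded": []})
    for line in lines:
        parts = line.split()
        if len(parts) < 6 or parts[1] != "FTP" or parts[3] != "->":
            continue
        client = parts[2].rsplit(":", 1)[0]
        server = parts[4]
        server_ip, server_port = server.rsplit(":", 1)
        sess = sessions[(client, server)]
        cmd, arg = parts[5].upper(), " ".join(parts[6:])
        if server_ip in resolved and int(server_port) == config["port"]:
            sess["reasons"].add(
                f"destination resolved from {resolved[server_ip]}:{config['port']}")
        if cmd == "PASS" and arg == config["password"]:
            sess["reasons"].add("configured exfil password sent in PASS")
        if cmd == "STOR":
            sess["uploaded"].append(arg)

    return [{"client": c, "server": s, "reasons": sorted(v["reasons"]),
             "uploaded": v["uploaded"]}
            for (c, s), v in sessions.items() if v["reasons"]]


if __name__ == "__main__":
    for alert in detect_agenttesla_ftp(SAMPLE_LOG.splitlines()):
        print(alert)
```

The password match only works on cleartext FTP control channels; if the sample were to switch to FTP over TLS the USER/PASS exchange is hidden and only the DNS pivot on ftp.normagroup.com.tr remains, which is why both indicators are kept as independent reasons.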

Signatures

  • Agenttesla family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
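What the "Unsigned PE" check inspects, as an added example (not the sandbox's own code): the Certificate Table slot of the optional header's data directory, parsed from a PE-shaped buffer such as the dumped image. The headers-only PE produced by build_sample_pe is constructed here, with ImageBase 0x400000 and SizeOfImage 0x40000 chosen to match the dump range in the report, and its WIN_CERTIFICATE payload is a dummy, not a real PKCS#7 signature.

```python
"""The check behind 'Unsigned PE': a signed image has a non-zero entry in data
directory slot 4 (Certificate Table). Unlike other directories that entry is a
file offset, not an RVA. Also reports ImageBase/SizeOfImage for comparison
with a dump range and the digests the report lists."""
import hashlib
import struct
from typing import Optional

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> dict:
    """Read the few header fields needed here; raise ValueError if not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    # Linkers may emit fewer than 16 directories; then there is no security slot.
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    cert_table = (0, 0)
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY and entry + 8 <= opt + opt_size:
        cert_table = struct.unpack_from("<II", data, entry)
    return {"magic": magic, "image_base": image_base,
            "size_of_image": size_of_image, "cert_table": cert_table}


def has_authenticode(data: bytes) -> bool:
    """Inverse of the 'Unsigned PE' test: True iff the Certificate Table is populated."""
    off, size = parse_pe(data)["cert_table"]
    return off != 0 and size != 0


def certificate_blob(data: bytes) -> Optional[bytes]:
    """The WIN_CERTIFICATE bytes if they lie inside the buffer. For a memory
    dump this is normally None even when has_authenticode() is True: the
    certificate is an overlay at a file offset and is never mapped by the loader."""
    off, size = parse_pe(data)["cert_table"]
    if off == 0 or size == 0 or off + size > len(data):
        return None
    return data[off:off + size]


def covers_dump_range(data: bytes, start: int, end: int) -> bool:
    """Does [ImageBase, ImageBase + SizeOfImage) equal a dump range such as
    the report's 0x400000-0x440000?"""
    info = parse_pe(data)
    return info["image_base"] == start and info["image_base"] + info["size_of_image"] == end


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 hex digests, the same set the report lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def build_sample_pe(signed: bool, image_base: int = 0x400000,
                    size_of_image: int = 0x40000) -> bytes:
    """Constructed input: a headers-only PE32 (no sections, not loadable),
    optionally with a dummy WIN_CERTIFICATE overlay. Not the report's sample."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 0 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)          # Section/FileAlignment
    struct.pack_into("<II", opt, 56, size_of_image, 0x200)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    headers_len = e_lfanew + 4 + len(coff) + len(opt)
    overlay = b""
    if signed:
        pkcs7 = b"\x30\x82\x00\x04" + b"DUMMY"  # placeholder, not real SignedData
        # dwLength, wRevision 0x0200, wCertificateType 2 (PKCS_SIGNED_DATA)
        cert = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, 0x0002) + pkcs7
        cert += b"\0" * (-len(cert) % 8)  # WIN_CERTIFICATE entries are 8-byte aligned
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_len, len(cert))
        overlay = cert
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + overlay


if __name__ == "__main__":
    for signed in (False, True):
        pe = build_sample_pe(signed)
        print("signed" if has_authenticode(pe) else "UNSIGNED", parse_pe(pe),
              digests(pe)["sha256"])
```

A populated Certificate Table only says a signature blob exists; whether it verifies is a separate step. Running the check on a dump rather than the on-disk file also explains why certificate_blob() can return None while the directory entry is set: the overlay is not part of the mapped image.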

Files

  • 2912-14-0x0000000000400000-0x0000000000440000-memory.dmp
    .exe (windows:4, windows, x86, arch:x86)
