General

  • Target

    2888-11-0x0000000000090000-0x00000000000D2000-memory.dmp

  • Size

    264KB

  • MD5

    6ed2aeb024e1b6119c5115c8373ddcda

  • SHA1

    ebe2201b3ffe0a157c0e67860c32fef2f726bbcd

  • SHA256

    d0a7a48249f0a4d9e3b38e6d9b26e912c33c14e4486cd31688792c5bb79a8f3a

  • SHA512

    16993dac86afaa92224617be77c6b986dd4752d05c6aef2a470f6895c3aa9000f2fb2143cb4afc5c4c40d29bfb84972199fab432be20de46900fc71be126c47f

  • SSDEEP

    1536:6/cPSvuOAPyNJ2t1Loz6LpoAksQ+8uNLkOGXrYRq+6RAoFg5RhRvAOwno+rjtDBl:4cq0AC1LLa0QNu7EtsRvfxEN4NI

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.corpsa.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    -E~O8rekW5UT

Signatures

  • Agenttesla family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2888-11-0x0000000000090000-0x00000000000D2000-memory.dmp
    .exe windows:4 windows x86 arch:x86

