agenttesla | 2684-13-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2684-13-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

2834e924d79c0a8c8a87131cc5bd7c4a
SHA1

0fd028da2e287a39a8046b14610ef0582d228bb9
SHA256

68f5c91926f3ce022feaeaee248898e6856d02e4b350f7662eb5f647e77fb3aa
SHA512

702e508d707d3997d45f28c43fa5af50373ac054d94cccf51041e7b319f1cd77fcebe35177df880a69f3569499b9b2f8af9a0e054b02372a2955f000994042eb
SSDEEP

3072:Ih2d8AUgs9C8IKl070bppavTDtu5KRvZp:W2d8AUgsNll0YVITZnvv

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.atelierzolotas.gr
Port:
21
Username:
[email protected]
Password:
alibaba.com

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2684-13-0x0000000000400000-0x0000000000440000-memory.dmp

Files

2684-13-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ