agenttesla | 3032-100-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3032-100-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

97bca583183eca9570bccb1380d613ba
SHA1

0917676211a799a557118f16a80f683573cdd6e3
SHA256

59d444303a5b38e75df3dce94712df188c7672428df2191ac7c552e34acff61d
SHA512

1248765c213e1d796f59e28c4e7e9ef05cf8f716548d2de75e8229811b8f0e33b89c2301a2d7ee2d16ded5e465c968df0be26b80ebabc95420c386c485c1102b
SSDEEP

3072:rfKMgO3TH7UrMjffBHMr3Tr+nea+Q5I0fHyq5jaUC9z:uMgO3TH7UrMjXkgefQ5I0fSPUi

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.normagroup.com.tr
Port:
21
Username:
[email protected]
Password:
$%M4,p)]vd1=

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3032-100-0x0000000000400000-0x0000000000440000-memory.dmp

Files

3032-100-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ