Overview

overview

10

Static

static

10

1648-134-0...ry.exe

windows7-x64

1648-134-0...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    1648-134-0x0000000000FE0000-0x0000000001FE0000-memory.dmp

  • Size

    16.0MB

  • MD5

    de6fa31fda34d164b7f8f66ac7e6def9

  • SHA1

    2047d1096975b7327a5bab342c73dc51f8df0ba7

  • SHA256

    293795f362acc7364f0f789c18cb94eb364bbf4f9af5244549918aa3d204262f

  • SHA512

    cd74be516d0442ef67dd828cce23532124c94b6fc8746c21f52e66fbe23576e7310e431cbf20fc62859bd949e0164c3036f54804383847e54cafb552ebea0e1a

  • SSDEEP

    6144:/gl70hlJFRvGOjLOAgdGpAMhQXzUQb+qbSOpTeA:9hlJFRvvjLOnY5Qb+qb

Score
10/10
agenttesla

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7172797922:AAFpFvb9aDA6gNOfAQxAcL8OFaE0ZRrNuYg/

Signatures

  • Agenttesla family
    agenttesla
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1648-134-0x0000000000FE0000-0x0000000001FE0000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections