General

  • Target

    2524-19-0x00000000004B0000-0x0000000001512000-memory.dmp

  • Size

    16.4MB

  • MD5

    850c57fc2d9adb3b232047e73345317a

  • SHA1

    d1541685fb78e6c4445b4494b3440ea1e03f51ba

  • SHA256

    c15ce735085b7d46859e585f5fdb904391dc73fa3ea5f74f658f50739e63f4ab

  • SHA512

    c0a1e9ec9dcbc94b114ea416e7ae83b0e1a0a06ec6ed983f5ef5d1a5380e2d78bcf6502221532ad89543fb48bfe43d49d302e524f2cad7285a37ee23a8505269

  • SSDEEP

    3072:tJ//vfPYrXhYkYsHkaFF8cfaXumYP+3ngeaX59DZQkVJvip:r//vfPWRYkYAbFF8Iafj3wPGkVhi

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fredy.ee
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    playingboyz231

Signatures

  • Agenttesla family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
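The "Unsigned PE" signature above is a header check rather than a cryptographic one: an Authenticode signature is recorded in entry 4 of the optional header's data directories (IMAGE_DIRECTORY_ENTRY_SECURITY) as a raw file offset into the overlay, and an image whose entry is zero carries no signature. The script below, an added example that is not part of this report or of the sandbox's own code, reads that entry in pure Python (no pefile dependency), reports the machine type and MajorOperatingSystemVersion fields the Files block is derived from, and computes the hashes listed under General. The PE bytes are constructed inside the script; the "signed" variant carries only a placeholder WIN_CERTIFICATE header, not a real PKCS#7 SignedData blob, so it exercises the directory check, not signature validation.

```python
"""Report arch, target OS version and Authenticode presence for a PE image.

Added example, not part of the sandbox report. Standard library only; the
sample images are built by build_pe32() below and are not real malware.
"""
import hashlib
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "arm", 0xAA64: "arm64"}


def describe_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and return a dict shaped like a report's Files block.

    Raises ValueError for anything that is not a PE32 or PE32+ image.
    """
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsec, _ts, _symtab, _nsyms, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:
        dir_base = opt + 96   # PE32: 16 data directories start after 96 bytes
    elif magic == 0x20B:
        dir_base = opt + 112  # PE32+: 112 bytes
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # MajorOperatingSystemVersion/Minor sit at optional-header offset 40 in both formats
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (num_dirs,) = struct.unpack_from("<I", data, dir_base - 4)  # NumberOfRvaAndSizes

    signed = False
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        # Unlike every other directory, this entry is a FILE offset (overlay), not an RVA.
        if sec_off and sec_size and sec_off + sec_size <= len(data):
            dw_length, _revision, cert_type = struct.unpack_from("<IHH", data, sec_off)
            signed = dw_length <= sec_size and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA

    return {
        "arch": MACHINE_NAMES.get(machine, f"{machine:#06x}"),
        "os_version": f"{os_major}.{os_minor}",
        "authenticode": signed,
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_pe32(signed: bool) -> bytes:
    """Construct a minimal headers-only PE32 x86 image (sample data for this example)."""
    e_lfanew = 0x40
    headers_size = 0x200
    cert = b""
    dirs = [(0, 0)] * 16
    if signed:
        body = b"\x30\x82\x00\x00"  # placeholder, not a real DER SignedData structure
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (headers_size, len(cert))  # overlay offset, size

    dos = IMAGE_DOS_SIGNATURE + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, 0x0102)  # x86, 0 sections, EXE
    fmt = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6
    opt = struct.pack(
        fmt,
        0x10B, 14, 0,                                   # PE32 magic, linker 14.0
        0, 0, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
        4, 0, 0, 0, 4, 0,                               # OS 4.0, image 0.0, subsystem 4.0
        0, 0x2000, headers_size, 0,
        2, 0,                                           # Windows GUI subsystem
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,
    )
    dir_bytes = b"".join(struct.pack("<II", off, size) for off, size in dirs)
    image = (dos + IMAGE_NT_SIGNATURE + coff + opt + dir_bytes).ljust(headers_size, b"\0")
    return image + cert


if __name__ == "__main__":
    for flag in (False, True):
        print("signed" if flag else "unsigned", describe_pe(build_pe32(flag)))
```

One caveat worth keeping in mind when reading this report: the WIN_CERTIFICATE blob is stored in the overlay, which the loader never maps, so a dumped memory region such as the target above cannot contain it even if the original on-disk sample was signed. On a memory dump this signature is therefore expected to fire and says nothing about the provenance of the file that was originally executed; the hashes of the dump likewise will not match the on-disk sample.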

Files

  • 2524-19-0x00000000004B0000-0x0000000001512000-memory.dmp
    .exe windows:4 windows x86 arch:x86