agenttesla | 1720-9-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

1720-9-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

c09b2aeaa699c8935c031b616673718a
SHA1

93b64d32dec4d7647f9e7269e258bdfc36a4053a
SHA256

30d698e912addd2ef66b95ba128c36312e974efcbc43d32591d02baee5f4300a
SHA512

d88c6ca10df0a7203f793e6f4d94a160c34d0dce075df53a216b77bfd34d9b0ba9b69249da67b57be3f8d1c9a553aeae0e58472221652b3d85b75ad5dc7d861a
SSDEEP

3072:WNdbbDRZwjKElYK6WVNcbVBjzp++2Efh53INrHVk:ObbDRZwT7QBjV++18Nj

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://80.92.205.47
Port:
21
Username:
delizzasuppl
Password:
99EK7bvTZr4zBnwW

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1720-9-0x0000000000400000-0x0000000000442000-memory.dmp

Files

1720-9-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ