agenttesla | 1780-60-0x00000000001F0000-0x0000000001252000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1780-60-0x00000000001F0000-0x0000000001252000-memory.dmp
Size

16.4MB
MD5

db0a13b49cebefbf1c20c17fe8d296ab
SHA1

3d53989147e7c98b87d931c77d52c2fd6444b2e3
SHA256

b8ec4d8899a8c508ce0e623990df5f012484af1dffc7d29d50f28e2bed3bfad2
SHA512

4c3d6164008c51de28ee5dfa4afefd6a9417d3c18c684828fb354cf27b6408294b9793de146e4afbe4fa50d8860b7f76c7f3d6531664d46cd251d6b07dd027ca
SSDEEP

3072:E68UksMdgH61srBnA8A1ETXg9bGz10Juxv5A172uM6:98UksMOH61srBnA8RXQG2JuxC7pM

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.cefin.bg
Port:
21
Username:
[email protected]
Password:
#UuXy?6cIbL+

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1780-60-0x00000000001F0000-0x0000000001252000-memory.dmp

Files

1780-60-0x00000000001F0000-0x0000000001252000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ