agenttesla | 2836-9-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

2836-9-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

ed0332ae10a3bab665b123c925deba7f
SHA1

2a279d0c6c3cf67daa4c6f58f26d66564834d8d0
SHA256

d3f66f0970085624f52a2f8cac5e218311b506e216675625f910b68f935a6918
SHA512

72835b98ecc2067d8fd9030b9725082623f4f5bfb7f984caa18437ced853005be48eb4ef90d5419f4ff8fa368f4a14bc25cb13331ab30143b0a825889f1bf6a3
SSDEEP

3072:hD9iPrnb/3HzmuqOqEzjmV0GixG5k+bfMP:/iPrnb/3zyOXCVLixsbU

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://stpindo.co.id
Port:
21
Username:
[email protected]
Password:
boygirl123456

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2836-9-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2836-9-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ