General

  • Target

    1120-129-0x0000000000400000-0x0000000000442000-memory.dmp

  • Size

    264KB

  • MD5

    7430a4903532ce9ec793957bb02e5ccc

  • SHA1

    956953026ea40819e4885c54cc88d9897a496fd5

  • SHA256

    a7e105ca4a2c764739ba1f9d32c826cf053f3416fd452e70c12e41529b5a67e9

  • SHA512

    6b7453bbe508253ae56457b30b9dba5d3a7686b89a3e5ee02afd88942fc3c538fe3a6fb2aa6edc84d1ce17ffa9791811a990b790d22ddea6114bee59192b9575

  • SSDEEP

    3072:R7ID/bPDvhKMcaH4qGUA6giz+OBx2nlPVk75haiE3ode:eD/bPDvhKMc44qtpBx2lPVkeiC

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    =A+N^@~c]~#I

Signatures

  • Agenttesla family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1120-129-0x0000000000400000-0x0000000000442000-memory.dmp
    .exe windows:4 windows x86 arch:x86

