agenttesla | 2612-18-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2612-18-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

c5f1d16e6226e88b8cb5604a510df091
SHA1

ee490ce2b381e0c18dc0809a6c145a3e5d198647
SHA256

2856cc5b10727f9497e649e82651da3d68b696de90ebe569fd9baed1df905a34
SHA512

dcc81dabe76d58efc57fce0e69328bac2555e01b3d72126a2ee4044bc2c331d8ed8176076b47c28bd1b041acc8c260b17b28193ffb4f02b9d860c04088d432a5
SSDEEP

3072:G3K9ghUAMw0mRzZPpQYYaLkvUj5QC21E5i:uK9ghUAMw0mRzZP2OLkvUT2C

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://eu-west-1.sftpcloud.io
Port:
21
Username:
f406adfd45554dcaa866cc1d1e918178
Password:
wGxzk7oyM2nlCPtLmOew6S19foB2ZgAV

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2612-18-0x0000000000400000-0x0000000000440000-memory.dmp

Files

2612-18-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ