General

  • Target

    4940-10-0x0000000000400000-0x0000000000440000-memory.dmp

  • Size

    256KB

  • MD5

    811495abf6334f2f2e23bac76c64fecc

  • SHA1

    50bab797f504de02460f4039e60c767ddab6d35d

  • SHA256

    8f25c5326334742844883fb65433a3e48a514f86799dd19a7086fefb4a8f15dd

  • SHA512

    13869bf4a6406ccfe96e84d063b8d5ceca68e2b351e2578f56f8a406cca85460e65d8328a4540ed9ccd672a1a12d1568e386cba754b25a4f3eaa3657a427162d

  • SSDEEP

    3072:YyKcw0w8AO/iF4vgJsw+IOEoxGG5S6qjcP:dKcw0w8AO/iFIgL+InoxGeqA

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.normagroup.com.tr
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Qb.X[.j.Yfm[
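The extracted configuration above is the sample's exfiltration channel: AgentTesla pushes what it has collected to that FTP server, so the host and port are the indicators to hunt for. Below is an added hunting example, not part of the sandbox report, that applies the host and port from the config to constructed FTP log records and, as a second tier, flags any FTP upload (STOR) from an internal client to an external server. The username as rendered on this page is an obfuscation placeholder rather than the real value, so the hunt does not key on it; the log format, the internal address ranges and every record are assumptions made for the example.

```python
"""Hunt for the AgentTesla FTP exfiltration channel in network logs.

Added example; it is not part of the sandbox report. The log records below
are constructed, tab-separated (ts, src, dst, dst_port, user, command, arg),
and are not captured traffic.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from urllib.parse import urlparse

# Values taken from the report's extracted config
EXFIL_HOST = urlparse("ftp://ftp.normagroup.com.tr").hostname   # "ftp.normagroup.com.tr"
EXFIL_PORT = 21

# Assumption: the organisation's internal ranges (RFC 1918)
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log; IPs, users and file names are illustrative only
SAMPLE_FTP_LOG = """\
1700000000.1\t10.0.0.15\t203.0.113.10\t21\tbob\tRETR\tquarterly.csv
1700000001.2\t10.0.0.22\tftp.normagroup.com.tr\t21\t-\tSTOR\tpasswords.html
1700000002.3\t10.0.0.22\tftp.normagroup.com.tr\t21\t-\tSTOR\tkeylog.html
1700000003.4\t10.0.0.31\t198.51.100.7\t2121\tdeploy\tSTOR\tbuild.tar.gz
"""


@dataclass
class Alert:
    severity: str
    reason: str
    record: str


def parse_record(line: str) -> dict:
    """Split one constructed TSV record into named fields."""
    ts, src, dst, port, user, cmd, arg = line.split("\t")
    return {"ts": ts, "src": src, "dst": dst, "port": int(port),
            "user": user, "cmd": cmd, "arg": arg}


def is_internal(host: str) -> bool:
    """True for addresses inside INTERNAL_NETS; bare hostnames count as external."""
    try:
        addr = ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def hunt(log_text: str, exfil_host: str = EXFIL_HOST, exfil_port: int = EXFIL_PORT) -> list:
    """Two-tier check: any contact with the configured exfil host first, then the
    generic behaviour (an FTP upload from an internal client to an external server)."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse_record(line)
        if r["dst"].lower() == exfil_host and r["port"] == exfil_port:
            alerts.append(Alert("high", "upload channel from the extracted AgentTesla config", line))
        elif r["cmd"] == "STOR" and is_internal(r["src"]) and not is_internal(r["dst"]):
            alerts.append(Alert("medium", "outbound FTP upload to an external host", line))
    return alerts


if __name__ == "__main__":
    for a in hunt(SAMPLE_FTP_LOG):
        print(a.severity, a.reason, a.record.split("\t")[2], sep=" | ")
```

Treat the host as a blocking and alerting indicator only: the credentials are evidence from the sample, not an invitation to log in, and the server may belong to an uninvolved third party whose account was abused.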

Signatures

  • Agenttesla family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
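The "Unsigned PE" signature is a presence check on the PE certificate table: data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) in the optional header. The added example below, which is not the sandbox's own signature logic, parses just enough of the headers to find that entry and walk the WIN_CERTIFICATE table, and builds two constructed PE32 images inline (a bare unsigned header, and the same header with a placeholder, non-verifying PKCS#7 blob appended). One caveat matters for this report: that directory entry holds a raw file offset rather than an RVA, and the certificate table is never mapped into the process, so a region dumped from memory such as this 256KB target at 0x400000-0x440000 always comes out as unsigned or truncated whatever the on-disk file carried.

```python
"""Presence check for an Authenticode certificate table in a PE image.

Added example, not the sandbox's own code. It only detects whether the
security directory points at a WIN_CERTIFICATE table; it does not verify
the PKCS#7 signature or recompute the image hash.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def security_directory(pe: bytes) -> tuple:
    """Return (file_offset, size) of the certificate table, or (0, 0) if absent.

    Walks DOS header -> e_lfanew -> PE signature -> COFF header -> optional
    header -> data directory[4]. This entry's VirtualAddress is a file offset,
    not an RVA, which is why the table is absent from loaded images and dumps.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]    # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == PE32_MAGIC:
        num_dirs_off, dirs_off = 92, 96
    elif magic == PE32PLUS_MAGIC:
        num_dirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", pe, opt + num_dirs_off)[0]
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or opt_size < entry + 8:
        return (0, 0)                       # directory truncated: no certificate table
    return struct.unpack_from("<II", pe, opt + entry)


def certificate_entries(pe: bytes) -> list:
    """Return [(revision, cert_type, payload), ...] from the WIN_CERTIFICATE table."""
    off, size = security_directory(pe)
    if off == 0 or size == 0:
        return []
    end = off + size
    if end > len(pe):
        raise ValueError("certificate table points outside the image")
    entries = []
    while off + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", pe, off)
        if length < 8 or off + length > end:
            raise ValueError("malformed WIN_CERTIFICATE header")
        entries.append((revision, cert_type, pe[off + 8:off + length]))
        off += (length + 7) & ~7            # entries are rounded up to 8 bytes
    return entries


def has_authenticode_table(pe: bytes) -> bool:
    """True when at least one PKCS#7 SignedData entry is present (presence only)."""
    return any(t == WIN_CERT_TYPE_PKCS_SIGNED_DATA for _, t, _ in certificate_entries(pe))


def classify(pe: bytes) -> str:
    """'signed', 'unsigned', or 'truncated' when the directory points past the
    bytes given, which is the normal outcome for an image region dumped from memory."""
    off, size = security_directory(pe)
    if off == 0 or size == 0:
        return "unsigned"
    if off + size > len(pe):
        return "truncated"
    return "signed" if has_authenticode_table(pe) else "unsigned"


def build_min_pe32(sec_offset: int = 0, sec_size: int = 0) -> bytes:
    """Constructed minimal PE32 header (i386, no sections) for demonstration only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)    # 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, sec_offset, sec_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed samples, not the report's binary: an unsigned header, and the same
# header with a placeholder PKCS#7 blob appended as a one-entry certificate table.
UNSIGNED_PE = build_min_pe32()
_fake_pkcs7 = b"\x30\x82\x00\x1c" + b"\x00" * 28                     # placeholder DER, not a real signature
_cert = struct.pack("<IHH", 8 + len(_fake_pkcs7), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + _fake_pkcs7
_cert_offset = 0x200
SIGNED_PE = build_min_pe32(_cert_offset, len(_cert)).ljust(_cert_offset, b"\0") + _cert

if __name__ == "__main__":
    print("unsigned sample:", classify(UNSIGNED_PE))
    print("signed sample:  ", classify(SIGNED_PE))
    print("signed sample cut at 0x200 (dump-like):", classify(SIGNED_PE[:_cert_offset]))
```

To check the on-disk file rather than the dump, run classify() on the original executable; a "signed" result still only means a table is present, and verification needs the PKCS#7 parsed and the image hash recomputed over the file with the checksum and certificate table excluded.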

Files

  • 4940-10-0x0000000000400000-0x0000000000440000-memory.dmp
    .exe windows:4 windows x86 arch:x86