agenttesla | 2556-11-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2556-11-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

79adee9cc831920cdf940ebc16d0500a
SHA1

1794cee15e2ff1370725f89c2a42c76c7bd8d647
SHA256

fabd85b69a710df8f324861060659446c07fdf29640842099a641598cb438ed3
SHA512

c254cb7ee3a8815678b4f9638023c479df0ca2bfe5d8127c8b8b380ab942672490235c3297b5878f9f8063246642f7afd09e0fb657c32d517fc282794a53cafd
SSDEEP

3072:hv4kaaq6KGtInoB4Xpt1VqQ2y6GQGGCT5egOo+mP:F4kaaq6KGyoPy6GQGGCZOpm

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://s3.serv00.com
Port:
21
Username:
f9226_jono
Password:
Ogasa56#@

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2556-11-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2556-11-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ