Overview

overview

10

Static

static

10

4068-79-0x...ry.exe

windows7-x64

4068-79-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    4068-79-0x0000000000860000-0x0000000001AB4000-memory.dmp

  • Size

    18.3MB

  • MD5

    15ca80f24c5656a2bcce02cc22ddc791

  • SHA1

    6971173b18a0cb85eefbb9b151d53ed9627ca452

  • SHA256

    0db5178a3b3c19ef7d836bcdac8eb8706272de2b3e97c3a60ee92253b789a3c2

  • SHA512

    a555a6bdbb39649174f936aca807fac686b0dfe4d48c98209d9759f9c6f8f6d7b37606ffc73b587fedb74bd9deecb0b39dfe40fc91b0705e5e9311d8fb012da1

  • SSDEEP

    1536:TopF2TcKtbPMKYSGiepOtk0TkauMCxGC6mdxoLIcW75PX3nyJEf25bhJQUS4oK6Q:Thbb7YSGiepOtrXWSZeyJ225nQMoPAJ

Score
10/10
agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://backup.smartape.ru
  • Port:
    21
  • Username:
    user894492
  • Password:
    w6NZOdcSkH1a

Signatures

  • Agenttesla family
    agenttesla
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4068-79-0x0000000000860000-0x0000000001AB4000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections