Behavioral task
behavioral1
Sample
1376-64-0x0000000000400000-0x0000000000438000-memory.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
1376-64-0x0000000000400000-0x0000000000438000-memory.exe
Resource
win10v2004-20221111-en
General
-
Target
1376-64-0x0000000000400000-0x0000000000438000-memory.dmp
-
Size
224KB
-
MD5
c5a0e211422c8365143e4de03e273746
-
SHA1
70e8f91fcbef1f5988f71edd6921ca51e64ff4cc
-
SHA256
0df4d6aa0b0c9bb5ae4f470cc0178926f22fb554ac3f69cbdcc29282121c8bd5
-
SHA512
c110989f92a2dd3367be1b936c01407222a437fbcfe685d4ed19844d06bd3fda6c6fa269e50a6f0e151352140f346317737135faf1ef13a62980f6d8d68d1b98
-
SSDEEP
3072:BJ89WlGb4i1/2DcrPLam8XUqhNQzbtL27uCi0e8oR2+lvtOOnjrZr:Iol8PuXUMNQzbN0uCiC42Wvtpjr
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.graphic-associates.com - Port:
587 - Username:
[email protected] - Password:
M@y@G2022 - Email To:
[email protected]
Signatures
-
Agenttesla family
Files
-
1376-64-0x0000000000400000-0x0000000000438000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 193KB - Virtual size: 193KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ