agenttesla | 672-71-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

General

Target

672-71-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

86fa20c62e18f9e7ed12857da6b06a9c
SHA1

310a82411ff27170140388ca63975575b37883c9
SHA256

8c5abc02e9bcb578de87ec4a83c6c8a24de2b68c6dd1a90b649bf899e074a7de
SHA512

d3e60477d7517411ced25cc365aa29b106b1c7419e2e88d1216cc692950617fafb0cfd5dc899339471df7482b71cc4a62a08bfc835aaa21a6d7d55d4d4bcef53
SSDEEP

3072:Zte6CMV0B5e1FEeZ5Uc3GSIc0zuIdnJkNCL/Dz9:jABSm/clIfzuqnJk4bz

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
iebtzpacgzyullvo
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
672-71-0x0000000000400000-0x0000000000430000-memory.dmp

Files

672-71-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ