agenttesla | 796-68-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

796-68-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

ec3ab3d1d42d78e9b530d2b48cf596fe
SHA1

426d1247b62b05d459d701ee560af0e6a7fd05b6
SHA256

3bfccbe4621e92b9fdd5077def98cf4d0584421fad7052c96e8d63ab66b76326
SHA512

082c6067158af13ea4a755132819249fb6ca79373da6f37c6195b01c97863d55451fcb46b200147ac16478e62a443a732e1584c7a6b2a8f398a8892d25d9f7b1
SSDEEP

3072:VkMVHZB33NxQX6KCq19udopYYPzLMGXTLbqLWciQR+9:XVHn3NOFCqruELMxqKs9

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.meplinpiston.com
Port:
587
Username:
[email protected]
Password:
Mk&jexeak4
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
796-68-0x0000000000400000-0x0000000000430000-memory.dmp

Files

796-68-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ