agenttesla | 1516-70-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1516-70-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

bbd8527ee19a1e1c6168c48b7c99dd66
SHA1

431b2bf428718e3f23d6988818ccd18323d6502a
SHA256

13b75db1a6c6b393b63e2caffcae991e95962c81f53fee69e45c009cc67f12d6
SHA512

fa4158a47492399fae88bce2af179d4e0993ddd2ab1bffabb0836b1c9951450ca47e81b37e7a4badb1438930079f1a48e3621f835674b6b10b52b588a7b16ee9
SSDEEP

3072:Vecl7k3x+qG5W1eM+IeP/kFjDMfCfhzwvFEAILC/:VMx+qvV+JkefCfhfW/

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
kvhujpowkfpycpdf
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1516-70-0x0000000000400000-0x0000000000430000-memory.dmp

Files

1516-70-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ