agenttesla | 1248-70-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1248-70-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

db955a28017c84bee76cac93019a3a6e
SHA1

faa16f516e06222c98e255572cb8d2c6a9123fac
SHA256

3b7a754c4dd6a4970977a6b16e317339ee884ee3de68dd49eee69cdd94020317
SHA512

e2b3007c0a00263c97d5906bf947ef8a31cc93878a287dbef40d18019d15e8f2b026fbd8eb43d6d9addfa5b954c9cf2168b210b3907ad3db211a122e7999ad10
SSDEEP

3072:Rgl2lOBWsQxKk14SvliYpDUgMut3rev9ArjmOhzKBjBJz4Iv:RrbL4yiaXJj3IFnzDv

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
Brillium360@@
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1248-70-0x0000000000400000-0x0000000000430000-memory.dmp

Files

1248-70-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ