agenttesla | 544-62-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

General

Target

544-62-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

644e9ad069c0019e5c58d06576dfb6f0
SHA1

ab7aa2e60dfca362bce469d0d2845b076151a837
SHA256

986b5407afb0a14edfad40e6c0274738d4cd71f7f53fd1cf7617ec807d86ff6a
SHA512

45930eee0a357e04e4601df56e7fb23e884618b87331ffe863b3b5ab1324ce784b5260a2b24e179be748f4d9ed045893ffebea94501451b2aa7a8bdb4b87183c
SSDEEP

3072:23DKtUztYHbVgFh0UZQ8VZVaWDu2qWLcTiN3hhRwLon:KCHbVIjZQ+zu2nLjN3POUn

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.thinehai-freight.com
Port:
587
Username:
[email protected]
Password:
ble ss ing2011
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
544-62-0x0000000000400000-0x0000000000430000-memory.dmp

Files

544-62-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ