agenttesla | 1580-82-0x0000000000400000-0x0000000000615000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1580-82-0x0000000000400000-0x0000000000615000-memory.dmp
Size

2.1MB
MD5

da8bc83290d0c7ae6c2ec1ba33f63daf
SHA1

548821e48bed36111697819973aab6af6ad8fa58
SHA256

ae6772ad376b491a1cc9d81baceee4d2bd45f37769180add5f2a20a9717dfd36
SHA512

765df0beab82ac66580ebab4dbe5c65af75074a1e78b9535b0cf08fd7b14a4bd8164fff91247f03b50f8b65df25a5e8bae172178df5c34337e1927074af4a821
SSDEEP

3072:4gXowImeif1K21WJJU4pMsixMSHqFvI9KR2ImTIUN9:W4K2sJ1p0MIqd1wVT7N

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.tecnowares.com
Port:
587
Username:
[email protected]
Password:
pY$WNuY3@@wed
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1580-82-0x0000000000400000-0x0000000000615000-memory.dmp

Files

1580-82-0x0000000000400000-0x0000000000615000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ