agenttesla | 1540-73-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1540-73-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

6e63d48254f051e6d43baf11e0a8466e
SHA1

b45b53cb0703090b205ded13256437e6856d1fac
SHA256

690759003d7637eb44f360e8dfd4f198840c7764e10e4e4442e02be6d701c5f1
SHA512

eed8c802193e69370e2de6b00e5361b55db87f648460a278855a2cac7e0674a3817d81ec05d8dd68002e82bc7a67eff776b95dc50ea6a35d04d0ba10a758737b
SSDEEP

3072:fQ4M7SMicJXgFYaiRUMj1TjWJAhXFcJ9n+N/5mlgAz:IHiUnaiRxj9jhXaJ9+Nxk9z

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sorincrop.com
Port:
587
Username:
[email protected]
Password:
blessing202321@!$%btr
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1540-73-0x0000000000400000-0x0000000000430000-memory.dmp

Files

1540-73-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ