agenttesla | 1492-85-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

General

Target

1492-85-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

860100c688bbd2eb1dd9b228e49e03e6
SHA1

58d1f70c457218396f179ca82863373d13a4ac0d
SHA256

1ce1ce438affa42d871d11fe3f3cb881392cc87c285de72bd1e0bb860ae89bb0
SHA512

801ec25ed94cc598b9389a8f400353a24d66519dab929404f4cc16fa6cf80c43f6a8eddad4f93f5de3fc1d88e02b764fed18944323560572f68bbc02f1315c14
SSDEEP

3072:N5DJwix1sMIG1YhbvVnLy3ahxsQPtxKViFN51COA7Zp:6ogRLPxsW1p

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
Tovt)Os8
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1492-85-0x0000000000400000-0x0000000000430000-memory.dmp

Files

1492-85-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ