agenttesla | 540-163-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

General

Target

540-163-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

db4fd4f147f02a1724000ade058e26fe
SHA1

0abc888b95d39204f037f4114b142d4f6f1607a5
SHA256

a9e6bc06af196231142799ab515b4f6a17fb5a1f3820cf230cb752d35dac4a04
SHA512

a08878376ae8ae994905fb53a66faa7ef5ed6d8f4fe9c1d47d851f95db9ad5341a6c537c8a451e3f904297a8e5a947b8e51592b9d1e188bdb30cc0b404e2d3f8
SSDEEP

3072:KFsFWW+APhR1Jr/aGMvGc9qXT7+iKRbeeD7C6d:KGsAtJrSGCdkT7Khei7Pd

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.celebi-oglu.com
Port:
587
Username:
[email protected]
Password:
celebioglu3535
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
540-163-0x0000000000400000-0x0000000000430000-memory.dmp

Files

540-163-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ