agenttesla | 980-63-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

980-63-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

eb0508340f34c7e32c124b1924ce23af
SHA1

6bc40249eb9dce177fe809f6872888f77620db3a
SHA256

606ffe6a38d64b59a54e96147de121ca605f5ccaecf4090790d3b2382be96081
SHA512

97b28969d7bb5e1ff55fdc9789e2e95fafc89f10aff3fd1aa1f8ef8d96c93563440884a84f1c0e0dff5fa3f2ed011ed0981b183283de73e82057e6d8147fa47b
SSDEEP

3072:jfgQeZk9z41jHTDEXwRgIxe0OVkKKN1GXsZLvGk+G2a3k4huGc:rl0rTYgXxe0qkKKzGcZ9L2qxAG

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
longyarh.shop
Port:
587
Username:
[email protected]
Password:
u7^Yk[RW]3I{
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
980-63-0x0000000000400000-0x0000000000430000-memory.dmp

Files

980-63-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ