agenttesla | 2288-140-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2288-140-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

878bb6ef7e30d2cc39bf55bef2503fa8
SHA1

d9cd2aadeacea06f3bc148a584b412fccb67e761
SHA256

ba33596608fe73b53244265c5a39d6086dcfc40ca845866012d8748dea4309b5
SHA512

62a1892b56f169254fca7914bf7eb3c2f5d5fc25026a568f7db1f6cadf43dbcdbc4d4c7894de942972b072e1d4035e428a2e0cc178ec3f094abb18c64edff99f
SSDEEP

3072:6eDLubNUmK7zLQfrVKlxwDU48ttS7SkIq0uA/:6zNk7zLQfpES4tY7SC0

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
DKL!@eK8
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2288-140-0x0000000000400000-0x0000000000430000-memory.dmp

Files

2288-140-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ