agenttesla | 1148-63-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1148-63-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

5fc3bf412bac7e4bae0aa0da71553cba
SHA1

1a48ea496c515328391974e37896de94a2304ef4
SHA256

0e689e5e1dd79e0218aeaaa82a83c42595ef2475e8504ec91f476630fe9dcfba
SHA512

3f04ff438660519142f3568297d1eb9afec42d7adfd5b47a00dbca01f356e295c7b6925a30c525d74c6eef398c7955fed08cde43a6cdd718913271078fb0c5ec
SSDEEP

3072:CuXI33wWKpZHj1Kos8wB8LNRWgwL+H359hMQuw:CXYZJKoeSWgwL2/W

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.faber-castell.co.id
Port:
587
Username:
[email protected]
Password:
ancha-1761
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1148-63-0x0000000000400000-0x0000000000430000-memory.dmp

Files

1148-63-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ