agenttesla | 1808-170-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1808-170-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

01d176d2f222b9a04cedfb0b520e65d9
SHA1

f7475843c59a5b7ba4ab2615400d83f3b7c77110
SHA256

cb95761d37a358b34978aa49c8245c305a891dbb7c80362c70f1440f9891c4f8
SHA512

9aac9aa07dbafadbad12f998887276d3a45c9820214308d1f40481abf95d8a79714bf1238c1ee878e2e5c7708b3cf3405983006a6d642974fde8f73e4ebf85a2
SSDEEP

3072:WM+gU6HGOAWTVtaEf4CeL3NWnt3uz8i0/fg4MYha:PfAWtaEACeLUsQFHg4D

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1808-170-0x0000000000400000-0x0000000000430000-memory.dmp

Files

1808-170-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ