agenttesla | 2640-74-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2640-74-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

c1ca3e7c4f9b43c0ce789ac873075025
SHA1

d03a813cb2c5a4cb6886d6f2b92bf1e2719b6910
SHA256

98eee209e443bcabf9ad0061b2ce8b421785990f52d0f48919ac61da8ef7f10c
SHA512

b3b3bfc72bd9d8271d60ff60c1b1c8b9636580bb78a478f9fdd69e1955204a491df2ecd843a3cbba1146277c4fe7abc470a1a94e5033c09b937f0532244df7a0
SSDEEP

3072:z/PL1I5AXMEtPNnGbVhuIusIQG7wDskexfq9/P7:ruALtPNnGbVkvsI+DeI/

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.havil.co
Port:
587
Username:
[email protected]
Password:
ND{!x#V2NT%K
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2640-74-0x0000000000400000-0x0000000000430000-memory.dmp

Files

2640-74-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ