agenttesla | 2228-69-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2228-69-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

a93c4f12252d11aebedda986d13cf4bd
SHA1

aebac983a3dbb796d3b4e708dde7d2510eded41b
SHA256

b8882240b42782c8ee9cb05a2569cd77aaddbf55247f4197fbae895e5ea8b808
SHA512

d69720f475d57b990bfe31f0c4a17ae4049354f171bc8729c8d3458dd1567ec76f84c1a9b223f7def205abcc8863b8e251d3d2c0470276fb12a50df398ea3bf4
SSDEEP

3072:FaF6vb62nulHundNedI/8mhiBiHqKc6GKqbdBZnd:4m62SundNedC8GL4Ki

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.elec-qatar.com
Port:
587
Username:
[email protected]
Password:
MHabrar2019@#
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2228-69-0x0000000000400000-0x0000000000430000-memory.dmp

Files

2228-69-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ