agenttesla | 4020-9-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4020-9-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

3fef39a4070de7500e7f617ec2dc1fcd
SHA1

fa5f95fcd19964fb5e453034d079f7396c70c425
SHA256

1d14f7551335aa3e3519f578b91ae2b0e78ac1b51829c0e1ae6e845cd72e8632
SHA512

ac915d18f28befb559805bc5de60495d1b44bc812efbec85913fb0debbf9cf4defd569df4d4b38ee468380045705c2b23837e2aca285bc34f7c12cb3c60d0e7c
SSDEEP

3072:Bq2QDASlP5j5fDbT8n/7v76XE7MK5HzPR6tcXOOqyQTA+iSOEsYk+6L70V:rQknDEK5HzPstEjsAndEkbL

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.asecaleltda.com
Port:
587
Username:
[email protected]
Password:
+*6TTX,ntYT%
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4020-9-0x0000000000400000-0x0000000000430000-memory.dmp

Files

4020-9-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ