agenttesla | 2808-12-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2808-12-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

c22cf6e7f29baf7db4f59a174d1c5130
SHA1

76f4e4c075b16ff8f9304f2c4da4a373d018dd1a
SHA256

f164a39d2500111ec818509fa25f148440cdab2df4641af0e478911fa2d8e91d
SHA512

dca6e027bc5ca17836baa58bf622fff7c98d1c92ef7b86e410154d494a10b7c4199c07b1e32d19b38208a0a56a9d3c01d213f87b25889c56c8b0aa18a72ac087
SSDEEP

3072:oPMIiYCJ2xN9pZRrTaEbtnRU2g8pXlok:gMKNN9XRrTVbNR00XZ

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.kowalskiokna.pl
Port:
587
Username:
[email protected]
Password:
safvw4v554
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2808-12-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2808-12-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ