agenttesla | 2040-13-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2040-13-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

ab4cb00d634864f0dd3fabd3b67588af
SHA1

d8c4053c0d7a867dbc60a9009c0b0772eb29a981
SHA256

086a815abb8a46b6fd9ddd5a25c2bdb4d6d38ef8c29090c58084f42636dbb4d8
SHA512

ee577525e10c20a7e83fd2cf4c35e769bcac76eb91fc3d503440984ec9831b6e2ac7865408db4117ee4d10a278f357213a5ac1267b647657a8b71538b55db96a
SSDEEP

3072:oPMIiYCJ2xN9pZRrTaEbtnRU2g8pXlokq:gMKNN9XRrTVbNR00XZ

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.kowalskiokna.pl
Port:
587
Username:
[email protected]
Password:
safvw4v554
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2040-13-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2040-13-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ