agenttesla | 2680-24-0x0000000000400000-0x0000000000444000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2680-24-0x0000000000400000-0x0000000000444000-memory.dmp
Size

272KB
MD5

dfe5704a844d665e025cd8eb999a2570
SHA1

07b11c8cff9e9551a6f7d78c5745d14d9ef247d3
SHA256

80a272fdc3ffe5c077c2e539f5de4783083ff620bc3f19ebff2e2b3c7f58c391
SHA512

bd87ea6cf09e335f069ef16b3bbf27ef3aa074863f02f239eca40a57a69e0b5385a4a0d7c13dfde93da20f00925ee8954b5d6eb4bd4c35cd9196699433c3c80b
SSDEEP

3072:vCDL5TcdAwIrCnIv4qcNIp3HOXziIO33CgGUo:vCDL5oAwvIv4qcNIp30OnCMo

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.tecnosilos.com.py
Port:
587
Username:
[email protected]
Password:
;.%^d08lQM@D
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2680-24-0x0000000000400000-0x0000000000444000-memory.dmp

Files

2680-24-0x0000000000400000-0x0000000000444000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ