agenttesla | 2768-18-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

2768-18-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

32f0811b2b471f53e91ef50d42ee7234
SHA1

46c74f178a7daf9135017cd68ca206ed0734d983
SHA256

a21db9e26c5588729f1bc9e04336d0af484de77b7a26be0f4d638d936c1dcd0e
SHA512

03a2d7d519621152a6e09fd3893e6548c0ed386610c2d4af47b1e0c2869f9dc75b3250c582e8a19f51e604735392fe87b9d1286aa1caa06cfa94e75acdca7408
SSDEEP

3072:s7UWufi2CesnC9RbIBaPlJSQZLmyzqdAeYwf2v:+UrCesnCzbOkJJpzqdAeZG

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.seagullhotel.com
Port:
587
Username:
[email protected]
Password:
sea345gull
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2768-18-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2768-18-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ