agenttesla | 2648-13-0x0000000000400000-0x0000000000444000-memory[.]dmp | Triage

Sharing

General

Target

2648-13-0x0000000000400000-0x0000000000444000-memory.dmp
Size

272KB
MD5

b571abbfbfc7f3e30f6dd933249da611
SHA1

646382740966e929c5733447cd88138e4d383a80
SHA256

5469f7b8f3f1289c09025782deaa0fa8110bff0bbd32f355b444014a686ea214
SHA512

fb8ddc195864767a332a19e5591827fcc9331c5bc4014b6b1aa820399122c8c09743e44f187397714564d3e2823433eef8bf6849c5f01eacee8cf8ae0520b57a
SSDEEP

3072:ySnEe+5ZilUSZ5Cz/ST68aGQ5WYk2Rf91y+B/28:ySnWuUkCz/ST68rQ5a2Rf91yY28

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2648-13-0x0000000000400000-0x0000000000444000-memory.dmp

Files

2648-13-0x0000000000400000-0x0000000000444000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ