agenttesla | 2756-13-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2756-13-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

cfe91e5404f5edfb2a12a3b3d4e13d4c
SHA1

3a0ae4cffbc839c55bde42f092ac1a7f0128eac6
SHA256

3f4f965d4f362f42c5b05be455b2f7bd95d892f23983fa0f18f4c333985118ac
SHA512

f8b7e867b914f4dbb381345ccb6eb0724ad3a86108b6da2d27d314d75e44158f301e8bfdc7aa97bb477e830cb9568b8ef608f5f462ee16d945db264a5056c42a
SSDEEP

3072:aUHT7iFYBUad88RBV6h6bLPvj5bIpj7U0cnWc:a0T7iOh8eBV6h6bL3lbKcD

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.areauganda.org
Port:
587
Username:
[email protected]
Password:
Abcd100%
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2756-13-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2756-13-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ