agenttesla | 2884-13-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

2884-13-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

077f137b0a545a60d3014a6be98cd94c
SHA1

54381158b3befaa672c321f08e8b547f03ced05c
SHA256

a547d7c8a5f4dffda42c073de89586075fc88294726c18fc8d3712afc9dd4e43
SHA512

88d597fc05a4bb0844df2fa31af6ebf5122af4e799538339b0a0731e67dc2ca2ddc93cbea69b82f06da7576291c47237997f8388a48079938882ce22fa314314
SSDEEP

3072:skQ7pzMNahHfhTcg4Y+gtCMluE5tFt/1eyl:skQikhHR4Y+SCQ5d

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.unitechautomations.com
Port:
587
Username:
[email protected]
Password:
Unitech@123
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2884-13-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2884-13-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ