agenttesla | 2664-16-0x0000000000400000-0x0000000000444000-memory[.]dmp | Triage

Sharing

General

Target

2664-16-0x0000000000400000-0x0000000000444000-memory.dmp
Size

272KB
MD5

03eab0b71e9982bca103951e0fd2bdf5
SHA1

09406d1cae2487834111896eae16ea7b7a56d0ff
SHA256

b8a8dd9e7ba348652f1e90eb9f63b2a7d5965d335b24946e013bbe5be4af2b34
SHA512

11fa3b3205be08f6bc397ad3227b796b5ce264b205164207725576f7cf973f2d73780ee227990b3d7a6f6a5b9915c1970beac252c8588f31b5b6ad23a2f05811
SSDEEP

3072:0rSUugMsFqHg4gkkfT1zk4GEYk33bHJjEOCc:MAgRZ4gb7dWsnbpw

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.epic-office.eu
Port:
587
Username:
[email protected]
Password:
Ghostarmy@@20222
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2664-16-0x0000000000400000-0x0000000000444000-memory.dmp

Files

2664-16-0x0000000000400000-0x0000000000444000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ