agenttesla | 2420-22-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2420-22-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

5494a5a55ee24d42748b67a28d2e80b7
SHA1

185068019f6ff9b8c26831be39af911020066e8d
SHA256

349872949fdcb188a29161f699f54b609302f6d3c3138f25dff6a5ce05e71f07
SHA512

b873f60a594fdb35909de258029a8492c2f6a0fe94b0e057c57f613b3094ee2c22443caf5dc1fb11a0e8a2d0dfa9bab5e9bffdbbd41bdc61e5dfc0e2df3dacab
SSDEEP

6144:ZCyGC+iolIHgHbr88C71aHCR3mTXYjne:cyGC+iolIHgHbUaKo

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.obmindia.com
Port:
587
Username:
[email protected]
Password:
obm#$2023
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2420-22-0x0000000000400000-0x0000000000440000-memory.dmp

Files

2420-22-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ