agenttesla | 1812-42-0x000000006F8F0000-0x0000000070952000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1812-42-0x000000006F8F0000-0x0000000070952000-memory.dmp
Size

16.4MB
MD5

c2e5bb24aab4283bf1da896b73a7a0d2
SHA1

09e0e9cbf95443b9b7fffc86450782dc816bb791
SHA256

6ff34ce4eae85ae65dca35f4c292d2ae7e9b964ff10cbdbe583f1cf71595779b
SHA512

78088f2e91bb3bbc6c856563b129bb4836733588870e0b23b652df5028a870530c4a3683f18330cbcd80cd41830ca7c269f29a9fc8ab8bfb6350d14f855f74a6
SSDEEP

3072:vtQiW5tfHX/PhgysIbOwnO/S9prLQHEJ7z:vCL5J3/PhgubhoWpnP5

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.1and1.es
Port:
587
Username:
[email protected]
Password:
Adam2312Ritaj0810
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1812-42-0x000000006F8F0000-0x0000000070952000-memory.dmp

Files

1812-42-0x000000006F8F0000-0x0000000070952000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ