agenttesla | 2824-12-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

General

Target

2824-12-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

4ed10b872d57c25185e6385e2a2a82a9
SHA1

c79e3f4d5c7d3f35c7e4f99610320c8dc5fee94f
SHA256

cc7f3d92389c142642b9f0babbac1331c9d57630529f75575cd2e15079a497a8
SHA512

2f27b98803539cf77cbe9b45143a3286604445b4b435aba98a51e61f2f9721d307293add4ade527b27cbe03428a2b3e2d8ab74246d58304232e459799a855def
SSDEEP

3072:C0zmieCm/yQ8Hc2Dbj0RWSePOG6Yfkpf5PS6CbA:pmieCm/yQ882DbIR5ePOG6YfkplCc

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.fbarrachina.com
Port:
587
Username:
[email protected]
Password:
Ca$tellon2020a
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2824-12-0x0000000000400000-0x0000000000440000-memory.dmp

Files

2824-12-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ