General
Target: 1832-61-0x0000000000400000-0x0000000000452000-memory.dmp
Size: 328KB
MD5: d182fe9b34b852e898f243af548b5bb8
SHA1: fc94df971d2c146af99b3cf1a379acbfd8061671
SHA256: e27ba53b900f6d7ec752be25dc5696aa2b85d716be3b4a26b6252604c78c7bce
SHA512: baf067453ab03219f8104d2c958402012103a2886eeb3d4eb0f5636a9ecec34819fba288fe9f16494a63a403bead9dc185ed7eaf66a7930d7d55998404cebcc6
SSDEEP: 6144:0lvPSCiP3SQ3hc7n5s2lBCrYWNXMbpHLjwb:0chPknT
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: srv31.niagahoster.com
Port: 587
Username: [email protected]
Password: 123572525finance
Signatures
- AgentTesla payload (1 IoC): resource yara_rule, sample family_agenttesla
- Agenttesla family
- Unsigned PE (1 IoC): checks for missing Authenticode signature; resource 1832-61-0x0000000000400000-0x0000000000452000-memory.dmp
Files
- 1832-61-0x0000000000400000-0x0000000000452000-memory.dmp.exe (windows:4, windows, x86)
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Sections
.text - Size: 299KB - Virtual size: 298KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc - Size: 1024B - Virtual size: 776B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc - Size: 512B - Virtual size: 12B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ