agenttesla | 1620-11-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1620-11-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

b26ca81a1db7a6d374e1ae424c40bf3a
SHA1

44dba799a7a463eff467fd95f7e997599dd6af2e
SHA256

10a7dcd23ca88c66ed0618473cc296f0aff589266831630aa03f96a8e417ddee
SHA512

883a42848a4ee44b3142ecf4afdcaad5c3d90fdf923d91f22d7118a8d8cab23e9cc07585d6b4dfec945b4809402d87ab7a591a793a23eb91fe96f52f692958d6
SSDEEP

3072:Ons4UocsB34cf/36bZGO5+j4Y0fYNGRgmAlsU:Ons4Uocst4cf/36bZzUOYNGG1e

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
rneliuvhxvyyxiki
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1620-11-0x0000000000400000-0x0000000000440000-memory.dmp

Files

1620-11-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ