agenttesla | 476-57-0x00000000003A0000-0x00000000009BC000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

476-57-0x00000000003A0000-0x00000000009BC000-memory.dmp
Size

6.1MB
MD5

b763464097a6bb9093c51796ad0811a8
SHA1

dec97b809a52e305a2ad997a9cf8b3c01d7fd2cb
SHA256

5847e1c11409fe90ff087f899d5cbc3c0e4154a7b6cba7d6cc678f1ebc55f385
SHA512

242130de9053c8ce6d64fc1d638d31a19c32edcd6e8176dd9246631a882406db7334f81f9e74f3c12e7285135ac7c250381f6e2512c5a94f1d332db7af95a167
SSDEEP

3072:gLrOBNkY+ZNjHDXWozVkFc4n+3zz2jd+57S5pNC3FAq8:QYkrZNjHDXWoxkhnozEs7Sg3Kq

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mymobileorder.com
Port:
587
Username:
[email protected]
Password:
Grace@20233
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
476-57-0x00000000003A0000-0x00000000009BC000-memory.dmp

Files

476-57-0x00000000003A0000-0x00000000009BC000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ