agenttesla | 2768-17-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2768-17-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

3d96add6fe90e8f1f036bb7eec2b9f85
SHA1

b88f8f1394541ed27725f0c12a0fdfe9791c7fd8
SHA256

8ea753ca4fa10a9565ac2424ed429fd9c9e16566f16993dce739ab1dcbf8e794
SHA512

d10fa1243b0aacfe3014824d25c5d670b52c0026692007d65f1b90bb1739c4190af75eafa2b82a95c6267ba384f770ea9f3c8f0ab5fc492f3ab2459717980ad5
SSDEEP

3072:alUfeCmUDkxk7EFcQehwbwXZjImTF+Azs5vEllH:alUfeCmUDkxk7EFcQehwbwpkmBFz3ll

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
Loverboy@123
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2768-17-0x0000000000400000-0x0000000000440000-memory.dmp

Files

2768-17-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ