agenttesla | 2696-22-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2696-22-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

f2f5a75ddf760cc27a5a98019c373e21
SHA1

aee878254f46cfb9bd9c873ee5bd30b290eea97e
SHA256

8c485b1e663c6ff8a42dc294fe36403b922f6eeddc75265cd53591f5e6c3c697
SHA512

d69f937dd1c5352c43ece54f84f45a6f2470c79715e8c29861058808a5cba2634bf38e71dff7a69ab8c15d75c6a75682792996e6bf4b0d54e85cf8c6790d2569
SSDEEP

3072:lzNMcuHwh2NN1VtpKTEui+12lLSr/fZ2rc+5Mhu4A7:lzNp2NN1VtpKTE/q26/fZ2AJu4c

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sachingandhiarchitects.com
Port:
587
Username:
[email protected]
Password:
devi060911
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2696-22-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2696-22-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ