agenttesla | 1976-65-0x000000006F760000-0x00000000707C2000-memory[.]dmp | Triage

Sharing

General

Target

1976-65-0x000000006F760000-0x00000000707C2000-memory.dmp
Size

16.4MB
MD5

72bfd04a8c1c9d6bedf6983843b68069
SHA1

5792522d6783bd7971324d32e53c27494069fb86
SHA256

160197804707be919003ea13ef6368def5c470a699968c1070ef43384597ae56
SHA512

d050d119b15c92424f7468db94d99b72e7eee5c5c49553fc5826e54e75483d26c5419ff1828e515b2c21aece9fcc472788bdbc05cdf5aba577adfa2238c32229
SSDEEP

3072:EOcidxftJ9hqbZMaIdc/8xqBAlCD3685bWivn5gaR1zL1c:9DdRtJ9hqbZMaIdc/MqBA4Dq8AQv1n1

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.itw.com.my
Port:
587
Username:
[email protected]
Password:
ameen@2022@A
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1976-65-0x000000006F760000-0x00000000707C2000-memory.dmp

Files

1976-65-0x000000006F760000-0x00000000707C2000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ