agenttesla | 2580-21-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2580-21-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

325c7a45449d30a3b4b52d263b518a3b
SHA1

0de8d67c252e9dc9a72120c2fe26e8db93092593
SHA256

04d82b9d9371784f001373908a7b957c6bcf88baef89e108b8899ac2b24fd559
SHA512

55e77cd9ad903dc52f5a255bfa378675fec3e8f18c2a9b30879e9ab434c153423428e3c68d4b13bee6cb2a26feb3d9df3ab083db973e800a766d590e45cecc72
SSDEEP

3072:Th1Cottl/CEuyLw8YZC0ZibQ1H5GHAC2F:Th1Vttl/CEur8YZTZibQ12Af

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.lgtvproducts.buzz
Port:
587
Username:
[email protected]
Password:
5662205aceACE@#$
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2580-21-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2580-21-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ