agenttesla | 2112-11-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

2112-11-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

ecd6e92ebad88a3ae6bfe4fb285e11f7
SHA1

1363253f44d9bf5222f3cb8d5f60c8cf20764e57
SHA256

4736394560a75db24da2648571c9ba16ec0cc21069cfa9c345f25e92a1c65baa
SHA512

b1aa61668fa80ddfeb53fe3dfe3943fe6a97f225933f9eca100c062b60b45f55b93a1f29e261ff622f2e2e21b205f353dfe7fc81e22f6883b6aeb1e9f0044360
SSDEEP

3072:MmYbC+iGy4tuPPaNlbJcLbQts+XEjB3Vkb85O2Xxi:MmYbC+iGy4tuPP+lbJ6bQyE6B3mb+Xs

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.tecnosilos.com.py
Port:
587
Username:
[email protected]
Password:
kOS;ST~,F3UX
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2112-11-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2112-11-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ