agenttesla | 2672-11-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

2672-11-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

7afe1a35ab6fb836e8742dd20da546ce
SHA1

fb8a178c8e51a4d1a82ff971f861fa349ff30288
SHA256

201377eefc598942e5b190b580f25256161e445e105d954171c71852301aeee2
SHA512

701926dab33f7da2d6e732fd42031efc9388240a676962df442630aac5591be7b2a875886344c042b2e8257a03aecdc871964fd64e8f937f1b7ba897520a1a4a
SSDEEP

3072:cA48qS6SeI1GXAc3ui2j5GIl4ZytKabOJJz5lvkA+g:cP8qS6SeI1GwQuvF9l4eKabOHPkv

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.flecon.com.sg
Port:
587
Username:
[email protected]
Password:
8CJN6A87XUIU
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2672-11-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2672-11-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ