agenttesla | 4564-75-0x000000006EFD0000-0x0000000070224000-memory[.]dmp | Triage

Sharing

General

Target

4564-75-0x000000006EFD0000-0x0000000070224000-memory.dmp
Size

1.0MB
MD5

ab1d3c8f831cd6e8063fba868c1d528e
SHA1

7e6badad6f3dda1cd870e5396988ef3589f9a98d
SHA256

8847803441faa92c1d754a530955128ebeec811835a427aed766ef674ae00aa5
SHA512

58df384aab9931fec13d1fe87f93e0192d9f7167423c96e4621213be12b9b8a9d3dcddb1d99a668a659cb2ad4d541cd17b6db7b81624cb15a0b6786a4dc3c6bc
SSDEEP

3072:5+qZPPvPB8xaZ0gkdRde2nC5MtA7qVuXQ5piMwpeDq0:5+qZPPvPB8xaZ0gkLds5D7qVuXxMwKq

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.etasimali.com
Port:
587
Username:
[email protected]
Password:
RECRUTEMENT@2023
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4564-75-0x000000006EFD0000-0x0000000070224000-memory.dmp

Files

4564-75-0x000000006EFD0000-0x0000000070224000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ