agenttesla | 2544-12-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

2544-12-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

34403f3323aede33add07929d44e3864
SHA1

4c263381aa480a4bb0a9bc0f63e5ddeca65a8f13
SHA256

0047ed849929e320455436fe2201a25f9f929b0de27a1dc1ff5943f979b157b8
SHA512

f04fbd14b221fde6bb6eef61a86375a2d79b80b43da8d11e0d754681b4d7c337beb4cee895b585ac234e83765e9b955ed82e5ccfa7acf29ce75ac9f92de4493c
SSDEEP

3072:e4U18kKWi2NvzWygPc11THOYyQ01ITe5oiagNOMXS/:eT8kKWi2p3gEX7OYyQvT3gw

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
198.23.221.13
Port:
587
Username:
[email protected]
Password:
admin2
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2544-12-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2544-12-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ