agenttesla | 2960-31-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

2960-31-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

62b895d2d5b775e88cd07121445d2743
SHA1

2ca016833e36f30bf6b261b0988b2a930c7a90cd
SHA256

167efa0029bc5464ddaec6a8f7ee6590fd5066e631aa429f88ee701ab3b236f4
SHA512

cbf13acdfbc966ec35b276dc00d2512d4870e55e3b8128270ac401e42df41d8a5cfa77332b420f99fdf2012534e92d4430da8be1097c0ca5769d272c031dee80
SSDEEP

6144:uVa4IoHM7LjTbsebdwmIvqJk+Q7/ZJ/0lh/:sa4IoHM7LjTbsEC+EZJM

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ariafarin.com
Port:
587
Username:
[email protected]
Password:
AFJ@2019#$%
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2960-31-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2960-31-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ