agenttesla | 1548-1001-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

1548-1001-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

8dbdef1a5019d655689fe58377ec5815
SHA1

c6d872695a5b5af827c021e23aa11867b258afcf
SHA256

4adb93abbd8d16b35c8429a764c97fe72c25c2b5b7fae9e31ebb7e15f8d52eca
SHA512

0396418ba4286d45092258badc1f0cd707694ee3e45091eeedeb2345e3d29bdc19385e4118ae1beb73b7edb8196cee73272526d56e269c0dbc72500a7b09f997
SSDEEP

3072:D9XGyuymfuvg+8Vb6pBA6c6YTX5QaEgCRQ:D9XGyuymfuvg+ub6pOH6YTggW

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.bezzleauto.com
Port:
587
Username:
[email protected]
Password:
kex#-rHjHM4qKk52
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1548-1001-0x0000000000400000-0x0000000000442000-memory.dmp

Files

1548-1001-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ