agenttesla | 2360-26-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2360-26-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

2455d6ef938c28113832800e40664b65
SHA1

ea1c67e237720804643dfe09aff1e19e6dfffedd
SHA256

6335678112627643ecdf0271adf91f806aa399c482c4316d2929c1651c5eaa66
SHA512

6ed0c53b30320f8e98971f4328415c4a3e544de5a2d2ae92aa4f9bb7dae1a3a3d362dd8e2017a1028d161e74ee8c782e96241ebece5911200d7942257a8716a2
SSDEEP

1536:SD9+NHBjW1yGC+iT9a82BBsW0bcuCDdqwZCjMwMfOIvtE5FBGKZt8OTByfO/i:Xz8yGC+io8IBL0bcBjeWvtE5SE8OT

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.officeemailbackup.com
Port:
587
Username:
[email protected]
Password:
-8HZnk(my(j,
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2360-26-0x0000000000400000-0x0000000000440000-memory.dmp

Files

2360-26-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ