agenttesla | 1888-23-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1888-23-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

12863131f2919baf49b6c871bdf06715
SHA1

13c1046e1c1b771d82ab71b4c6f91729d2b751d2
SHA256

47d57d00e2de43f33cd56ff653adb59b804e4dbe37304a5fa6a202ee20b50c24
SHA512

3bfe397f1bea844b49c14aee89dec1f7e5ac7603414a2370b4742a659a4a6cadcbf138b4db0772ce77d5b3b1d728b8c5241970ab0259cc239f7703db181c167c
SSDEEP

3072:NEmcg0Qc3slDeIaUDDeWCnLY/BZeJUGKLCKEEJpoZ5E/Fxm3:imcg0Qc8lDeIaUDDeW+0/Bb5DOMFY3

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.horizons-swgr.us
Port:
587
Username:
[email protected]
Password:
Na13579$%
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1888-23-0x0000000000400000-0x0000000000442000-memory.dmp

Files

1888-23-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ