agenttesla | 2792-26-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2792-26-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

e075edfbc850198cfe156feb52f7e964
SHA1

90b4ce9a92e39d431a294c7b934f40fbb5403b65
SHA256

75c0f122f271f3e1f48d43c230d16a40b22a1023e6a44231f86a8cdc2b8cb9a6
SHA512

f3056784ed3f92bdd9d4d394a3f8044ba408b721764e73de43cf16ebcaf1c791b44bdf3c57521d78a481b601c8ee69fb1f0d2fb54c95e7b5cd724927ec1196ff
SSDEEP

3072:Mr3jXrOvh1XY/6iROFUAorMFMd5lwgzfKJ:Mr3jXrOvh1s6xZorMFMOg7

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.topcats.com
Port:
587
Username:
[email protected]
Password:
SpurS21?
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2792-26-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2792-26-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ