agenttesla | 2784-17-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2784-17-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

9f60ec26f35c53a8b9f39cfb83247e14
SHA1

8a4c10de1fe1c08eb6b6fe00137519f40b981acb
SHA256

443b05748a8bf8a636ef4556b37584e13f83fc6501b8b937a5a71fe7a26e40b9
SHA512

b166252549d68f395da3aac0923aa35de6c2b89d21e9eaab2371aee6b11fd29103b4677dba2858108eaf81c72d494c96dbd1c935f1942e9f0669dd8a3ddaf5bd
SSDEEP

3072:ugTFtZ9xtXx43F+7orBdKrqLRFwSR366kFY65ee0p1Ce:hTFtZ9xtXx43F+8r7Krq/w6HDe0nC

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.triorentacar.ro
Port:
587
Username:
[email protected]
Password:
trio1289
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2784-17-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2784-17-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ