agenttesla | 2612-32-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2612-32-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

c998d52ac5dd17edec30f8bc33e29aaf
SHA1

e1e36d0c4c13b5fef70370f9bb3ded5c7087307e
SHA256

6734e003158dd0aaae445b6c17064a8f7d9d5b22e4374585f7baba360bfd6e13
SHA512

8170c48fb1ce142403d265b1dd2cfb09799e5546b52e2a32cb8a45834d9ccf38f9a67c4ddc9e67a891e7af769e33e73653d497477b13b9da845a76004b60b2e5
SSDEEP

3072:J612WdtNdt2B6Jd4Ahfg5ykSB/jLcv0Y5/MLm1exoAS:J612WdtNdt2Bmd+SB/jLcv0tC1Eo

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
webmail.amtechprinting.com
Port:
587
Username:
[email protected]
Password:
VT(*FI[(l&d0
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2612-32-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2612-32-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ