agenttesla | 2816-11-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2816-11-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

d720f4e54b7b2c9e9b26da3ca484fca5
SHA1

6957d5cc3da34e149fa0d3cc6aad1b9b55843d08
SHA256

214c72317713f055368e73f357e50840e807c99790f1c6bf15dc1af82afe1920
SHA512

3afa50c506ced7f52a44f3f8141c426b6702c8679686b8c1c769d1148c54cfd795b38f19da4bb361ac61d0ed614a9e29ffdfade7bc45ee26ff727099ab15f166
SSDEEP

1536:rf2V0XkoOpNGC+iGJ4Y+q8GCnTbbCE6/YEpyeuvvhueFVMhPrzoL0e5hm5T0DOHj:z2pzGC+iGeY+KObxoYEnBe5COOFcc

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp8nl.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2816-11-0x0000000000400000-0x0000000000440000-memory.dmp

Files

2816-11-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ