agenttesla | 2592-957-0x00000000005B0000-0x00000000005F0000-memory[.]dmp | Triage

Sharing

General

Target

2592-957-0x00000000005B0000-0x00000000005F0000-memory.dmp
Size

256KB
MD5

063e9ec9bef51751d20003c452a7b025
SHA1

7e44356235278b8b6d78a7da48d83fc4866ec2d9
SHA256

155b6e8c6650569c15068b59891a89c7be2fdf3d9c75599ecff47012eae1c69f
SHA512

164226d912e95e912b3f5a40dad6f9b2705217a5581957c31d2bb3ace2d274fae24c0e832ca0c21ac5ea44b99ccd245176ad58bb50774943093b52f77c202d65
SSDEEP

3072:aEpD7rT5eONUAimhv6XzCZSNKm4vUpE4v5PKLem3g:aEpD7rT5eOiAphMz2SNK3UpELLV

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.doganbobinaj.com
Port:
587
Username:
[email protected]
Password:
DGNbbnj99
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2592-957-0x00000000005B0000-0x00000000005F0000-memory.dmp

Files

2592-957-0x00000000005B0000-0x00000000005F0000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ