agenttesla | 2616-23-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2616-23-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

2e1355e935714876d065440882cfd46f
SHA1

b6db789f6ef7b6fec2a66027b5e81f0dfd9f22a7
SHA256

7d240fa8c7f1b885af4db61ad65b78ab98655dd0a1baf37d296b391723ca694d
SHA512

53cfa5bcc565362d547078dc076f73085bc6e72a65a0e5df0ac691e0faec42f6669f0ae8e5f6f15199e42024e58799a182767bbff3840fc0cccdf41ffa6699c2
SSDEEP

3072:Pynx2BZRZxzp7oO0NMsbyj3Sqgt3Upbhued4ABZsqMX57nbpaf:Knx2BZRZx97ANMuyjiqy3ardZsRtbu

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.ronaldsmith.loan
Port:
587
Username:
[email protected]
Password:
BillionPay$
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2616-23-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2616-23-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ