agenttesla | 2568-16-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2568-16-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

4d6f50610cfd73fac41a80f28ca313ab
SHA1

7b0e696b5fd343a2f6b245e4db2ef67778f57a6e
SHA256

cd74c67f36fdc83f6d52dd360fccfc7ecc15c4810b96837a33d15c3a46f00ca7
SHA512

9a5f6fc234bd9172669b60b83b3002971c55195fc6d81013c50a29b0e4e410eef03b8fea5b9cd8bdb9dbabbb38c38ad4dac8d719ffc53801902dab9d2b44d7e3
SSDEEP

3072:y0GyuymomOY5b1tXU98U7Cw5h3l4ZyZG8kj5dMb9DZ:y0GyuymomOY5b1pU98uRl+yZGFIbD

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.funworld.co.id
Port:
587
Username:
[email protected]
Password:
fwp123mail
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2568-16-0x0000000000400000-0x0000000000440000-memory.dmp

Files

2568-16-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ