agenttesla | 1540-59-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1540-59-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

20caee381dab4763f7e89d7a5df6793e
SHA1

f3f9b006328af3cfaaaf4ee6eeb5080a1ecd5b0b
SHA256

34ac7dad13d2c413e8e50b99741ea30a9bf0a5ba3d09c1a72cb87656bb6d281f
SHA512

75dfb492c0ffd105ea60ed599e0a92d142631aa5d1b4354ed8210092c17e6e606b92afe6ba61331a8af1944bd953a88d28b05039418cc0f5763ece11e305593f
SSDEEP

3072:8rP0jCVQWVJZITbOl3XK0AUVY0DyFvnc9mZncaJ4MOZj:FoVXSOl3XK0v65F/AYzJ41

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server1.sqsendy.shop
Port:
587
Username:
[email protected]
Password:
]$}$r3TcLdY$
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1540-59-0x0000000000400000-0x0000000000430000-memory.dmp

Files

1540-59-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ