agenttesla | 980-62-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

980-62-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

734042f7a374920d15aaf160c4779b63
SHA1

99fed1cbfb84ff0750767a321903e9c944941f44
SHA256

7ae02f2c61f64107e686182ec9d03468ea658498239ddac1cdfb1ba3c10cda1e
SHA512

d4d02446a56a8cc7b2ff90deb07d1e853083cbd4fa2af503f42ac46d2ade1f962fda07820e0a7f6648be6ad7785aaa46bd35c6f8b2e66e32d2b88da3208b3a1b
SSDEEP

1536:zKd0RR9V4NPYEBUSMzl9ybrdZFwlC7UGD5Bny1Cn0lHEgfBjCWG9Srd+d452+rkL:z60BV4vqUrMBGDjy12eEgfgn7dh6gDd

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.awelleh3.top
Port:
587
Username:
[email protected]
Password:
NP2PpJT?idXk
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
980-62-0x0000000000400000-0x0000000000430000-memory.dmp

Files

980-62-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ