agenttesla | 2256-85-0x00000000001F0000-0x0000000001252000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2256-85-0x00000000001F0000-0x0000000001252000-memory.dmp
Size

16.4MB
MD5

d74c9cd55c761899559a5baeb28562f6
SHA1

76d4a05989dac8608e85ce6bb8a74b24c9340e8c
SHA256

1bbb845405ab2f49c42990d2144d6b2635356efe15f2690d6c1260b08880fb61
SHA512

3cc8ae39d3922bcfd1d88c99e3cad03c29ac7af6d12391dbb133a6b9b07a9dc87c8cb9006796abe8b2ce8db574c4f16132c451f78e228d90a72ffde156294e41
SSDEEP

3072:SsMUkcnENPLRdkMi58yH9WlQZfC5m5IgG8hOL:SsMUkcnmPLRdkMi58m9WGZfC54GYO

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.inkomech.com
Port:
587
Username:
[email protected]
Password:
Amir@2021
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2256-85-0x00000000001F0000-0x0000000001252000-memory.dmp

Files

2256-85-0x00000000001F0000-0x0000000001252000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ