agenttesla | 1448-94-0x00000000004F0000-0x0000000001552000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1448-94-0x00000000004F0000-0x0000000001552000-memory.dmp
Size

16.4MB
MD5

45a49e0f1cd871e803913da8752494db
SHA1

554cf66505499a2b2774019d5620d5df0ed27aaf
SHA256

15444385bf86e3be21492ee8354c7f03f713a98cc923cdfbf16aef97e9603ccd
SHA512

26ee7f78b9d96e084d46d9327f3f84aaeb143ea934476aeb3c975b93fa4a3cbcb8d07f86edfb6d448fa889181957ba06b888d6fb6dbe0cb022bf3a9be727d793
SSDEEP

3072:c5sapxQnfn/XGmireF49hIxbJfjj1nh+no651/kcGkD3I:c2aEnfn/XGmiretjdnh+nockZ

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.myhydropowered.com
Port:
587
Username:
[email protected]
Password:
0nVaQweHLu8RyVL
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1448-94-0x00000000004F0000-0x0000000001552000-memory.dmp

Files

1448-94-0x00000000004F0000-0x0000000001552000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ