agenttesla | 768-75-0x00000000005D0000-0x0000000001632000-memory[.]dmp | Triage

Sharing

General

Target

768-75-0x00000000005D0000-0x0000000001632000-memory.dmp
Size

16.4MB
MD5

7793803f2f92217c25681e1626ddede8
SHA1

307080832b8bf2da1f89aafaa6b8062bc9270a7f
SHA256

a00b5d188cb9699e1ca499cd493cf42fabe8b455ad617102568eedd8554ca60a
SHA512

a3976e4c9f217db114ac5016905d6f391a33821983d943997c7c518635afbb419a746c1ecf410103447979c131336ff2cd0ea8eb83359661243c529bd1b08a32
SSDEEP

3072:SisMUkcj+UN+aWKi7Ea4VZNrDt1c5PloFQ9D:SisMUkciUN+a9i7Ea4Zrx1yoK9

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.inkomech.com
Port:
587
Username:
[email protected]
Password:
Amir@2021
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
768-75-0x00000000005D0000-0x0000000001632000-memory.dmp

Files

768-75-0x00000000005D0000-0x0000000001632000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ