agenttesla | 1816-74-0x0000000000B50000-0x0000000001BB2000-memory[.]dmp | Triage

Sharing

General

Target

1816-74-0x0000000000B50000-0x0000000001BB2000-memory.dmp
Size

16.4MB
MD5

43c8f74d5f67d9fd13dc14fdf7c66feb
SHA1

60ace4c089a12ae5706defab0b9389bf9e216d79
SHA256

f45426bb38a5744490b05c3480071474bf61854c82122fdd690f7c256c84f215
SHA512

58f79431e3b67bb6d708c90ff1ea5ee74e7616e2dd5e3c8f6ebdbd2b422d55eb0d30e4dc6d5fd9b94961397d3a3b4d6e55ab330773f7e08c48e76f52417e4ad7
SSDEEP

3072:XisMUkcj+UN+aWKi7Ea4VZNrDt1c5PloFQ9b:XisMUkciUN+a9i7Ea4Zrx1yoK9

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.inkomech.com
Port:
587
Username:
[email protected]
Password:
Amir@2021
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1816-74-0x0000000000B50000-0x0000000001BB2000-memory.dmp

Files

1816-74-0x0000000000B50000-0x0000000001BB2000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ