agenttesla | 1780-84-0x0000000000940000-0x00000000019A2000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1780-84-0x0000000000940000-0x00000000019A2000-memory.dmp
Size

16.4MB
MD5

d71a57e8cd60c2d8f2773f71579993a0
SHA1

4cb49eaa00033f9857420be31769d96283009b99
SHA256

039858623892293cf5e36a0e6d0e72250a20f30c57cdb8354bd2b72dbec384a4
SHA512

3fef34097f9e365924fa98d577d68f34b4eba91f4330e1f2376a45e93e5fb07c43ed397596ae65d6fcdde165fc315f058091ac2d4462b8d61a5f1c47b9878a75
SSDEEP

3072:Ie2dMcMsM8z4PsR4GKuh7eg8w5Q9vHSq6B/:V0McMsM8z4fzuh7egmvy

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.myhydropowered.com
Port:
587
Username:
[email protected]
Password:
FczQrYLPEFEXumG
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1780-84-0x0000000000940000-0x00000000019A2000-memory.dmp

Files

1780-84-0x0000000000940000-0x00000000019A2000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ