agenttesla | 2616-12-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2616-12-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

95275d3249827c6ae5ccd2df159c3a61
SHA1

bb6d53d16914034257f8a2ffb1e3a3434bc17695
SHA256

9861fda94b4e0d53a79ffaf3db5a39a4de3d72a7aa68ee46e677261d35487735
SHA512

9b62a925aa01a64a49ea7ebd1d45f5ce2e863a8852869f1bdedb31763981dedcdb9b4a53b7ff09fb550da50e5f0785adf2e6345a9c19c11087d755659eda07df
SSDEEP

3072:22CO+2umuvx+v7eSiWfnByNPgftA8A5gu+0/g6cLi5kAIE4R:22T+2umuvx+DeEfgNIFj5O/+qIJR

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
N@DRpoY0
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2616-12-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2616-12-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ