agenttesla | 1504-60-0x0000000000B30000-0x0000000001B92000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1504-60-0x0000000000B30000-0x0000000001B92000-memory.dmp
Size

16.4MB
MD5

bb4b6afe8ac01fe19c1e27a58178300a
SHA1

03374f41dca6a5e07467787c4c7f08c1bacf5c67
SHA256

c0063e67d11039de31cd1c87d8bb4d0cf99123757faaf427a93611f3bf819460
SHA512

122ad5509068689700aab9f15351dc62c9896b4a7c795193ae8eadff99413b70b16455ed675003ff63f8aed581ba94afa626dfc8517bf59540b3308d240a3789
SSDEEP

3072:cI3zPjXjPIzozxZIN7Z8BFl62IARRn5LFSG9pW:B3zPjXjwzUhZIARR7Sup

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.privateemail.com
Port:
587
Username:
[email protected]
Password:
emmatech123
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1504-60-0x0000000000B30000-0x0000000001B92000-memory.dmp

Files

1504-60-0x0000000000B30000-0x0000000001B92000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ