agenttesla | 996-912-0x0000000000480000-0x00000000014E2000-memory[.]dmp | Triage

Sharing

General

Target

996-912-0x0000000000480000-0x00000000014E2000-memory.dmp
Size

16.4MB
MD5

43532ab4f102f635fc592bb16653a064
SHA1

d89f10680d49245144d1fceb5bc6965603bd8648
SHA256

4a87010cc4a4e0871fc0267d6e1d9de6b8fff610febe5fee02e3845aa286aabd
SHA512

6715ea1327d41f5adaa145c12e69f75fa2058bd4490e319b4c150343a6efd6dc714ba36875f4f08b68ac7b5a30b25d4fde99965875a584292afb3000966a9812
SSDEEP

3072:FqvpnCyuymi9nDJHfbLQ5gHFu50PS86l:FqvpnCyuymi9nDJHfbLQwF9SX

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
neontechvendors.com
Port:
587
Username:
[email protected]
Password:
Mustfly@90
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
996-912-0x0000000000480000-0x00000000014E2000-memory.dmp

Files

996-912-0x0000000000480000-0x00000000014E2000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ