agenttesla | 2984-11-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2984-11-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

cfa1b9a2c5ef11951a3d616fc464a47e
SHA1

6b48f0642f71d41a70044932271fedf15c477f3c
SHA256

30aaf52598810e4b1067e5ef6e6795dab7aad39e159c9eca52ca9a6510a431a4
SHA512

0987c515b31052996fdc90f0810b8703aaa3577203307246389c7351746c4f94866bd091a6d7c292e92e207b2add366eae45ebc1bfd79ef870390b1ee37a6071
SSDEEP

3072:aFR5h5BBhz5YiCcuAAJTtFp0mKpS5QuBjuPh:aFR5h5BBt69c4Vtb0mW+B6

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.myhydropowered.com
Port:
587
Username:
[email protected]
Password:
q5NHtWyc5WKhunX
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2984-11-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2984-11-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ