agenttesla | 1520-62-0x0000000000A70000-0x0000000001AD2000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1520-62-0x0000000000A70000-0x0000000001AD2000-memory.dmp
Size

16.4MB
MD5

3142a61577c22652fe34160a4e1c01e9
SHA1

4c5f30fb1b42f5ec6884c46ac27660683fc8e733
SHA256

d635177b0b2530e99dc6fa49d8e272f4e48c44c8538e850086ec9ad72f6fa0f9
SHA512

c6503d4c20af9c6afb8a8f59244264845ed044fe7c0acb7293276389f08dcc48a7d368ddbb3ee6fea129d6bdbc540aae7c9a07fd33a20f8913c557ea2f1e1f97
SSDEEP

3072:1WRxxxxfHYoAzw47lMtxA7i6Rt5u2VCDdxz:sRxxxxfjAzwc+Am6RWWCxx

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.cash4cars.nz
Port:
587
Username:
[email protected]
Password:
logs2024!
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1520-62-0x0000000000A70000-0x0000000001AD2000-memory.dmp

Files

1520-62-0x0000000000A70000-0x0000000001AD2000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ