agenttesla | 2964-81-0x0000000000490000-0x00000000014F2000-memory[.]dmp | Triage

Sharing

General

Target

2964-81-0x0000000000490000-0x00000000014F2000-memory.dmp
Size

16.4MB
MD5

04addb6c0851862db508e1cb83bf6314
SHA1

cbdbcd1f1bb54501e1bd01f9f3d444b050bda6ee
SHA256

5e9b798cca4c29ce30caa0997e6a5dead6fe602e41a43df46925ca49c5415f5d
SHA512

b82b9c3eff4c78f179d83f5f178a2ac8d3b6abd9bc8b71034c46f9240263b90e961c9178ffc4e31d0a32a7d2ed55eb96bf0c91689f62434850d13f8b0f1575cf
SSDEEP

3072:YE8+JlxVZwGWwUt7h9UboZ6xKKPgB3Rp5qDQV6V:YE8+JlxVZwGWwUtTUbosxKigxREQo

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cp8nl.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2964-81-0x0000000000490000-0x00000000014F2000-memory.dmp

Files

2964-81-0x0000000000490000-0x00000000014F2000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ