agenttesla | 536-704-0x00000000004A0000-0x0000000001502000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

536-704-0x00000000004A0000-0x0000000001502000-memory.dmp
Size

16.4MB
MD5

40a3d85a674402f63c6049dfb9df58d9
SHA1

6f765c3484885b39d4b5d690f05b698eacc407ba
SHA256

c93a33193be54254718e514714b697773fdfdf6158eed920d96ee0183ee8d80c
SHA512

30e1d37a1e8e100f7f838d5c92b4c91c7916a3a2a9a694e66a62b8971b04fb9ae9bc46dbd76937c9a00ebf4e9f23b1469d0a0ae34db654b6c301710bb2275412
SSDEEP

3072:bwVIz8OqmKOXWSodBXi6CC2DeWq5aGioC0AX:bwVIz8OqmKOmSohgDeW6iT0A

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
qwbf ljzv fdna xpfx
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
536-704-0x00000000004A0000-0x0000000001502000-memory.dmp

Files

536-704-0x00000000004A0000-0x0000000001502000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ