agenttesla | 2532-16-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2532-16-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

f2d2835ac704846a6e3d23c1797062ef
SHA1

ddb4369d4323578d6b42a11d8232dcd4b355850d
SHA256

d60b89bd9164ad3f1d4c41a6247250d0e1d270a2fb9003bbf05181da0037f657
SHA512

b62f8d19865b21c435104d0c2b8f9e52c4e94b3c6b7ca50456365dfdba4b16562f64a7f07f75291d96c6ff4731e5767c3150fc123e03ff023706d8b68282a6bd
SSDEEP

3072:46MymieCX8j6G+8bZhttEwwkeuD265W89Vil:46MymieCXu6G+8b/fEcD2i98

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
sk8@@@3145411!!!&*(*&$#@
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2532-16-0x0000000000400000-0x0000000000440000-memory.dmp

Files

2532-16-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ