agenttesla | 1808-15-0x0000000002120000-0x0000000002174000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1808-15-0x0000000002120000-0x0000000002174000-memory.dmp
Size

336KB
MD5

8a6cbc0af6c83e2e00abc5d233315cf6
SHA1

e92db26bbe8d660ba057c7eacb8bdc6da78d4950
SHA256

726a45108637e74dc86680633c5908eaffc9bc84d2be6f8fd9791faf7d592383
SHA512

3837043d230602d8a70ae1e048ace7305a53aff166799fc8bbc56ee3ff80f019df6887100c15e8fa3c5f0ee6ef57165dc4583a33fea6d4a49622fccee1f85693
SSDEEP

3072:fzJOKERZRZEwXpnRvqaVN0TnvZcWw3neFB9y3V+nB7WFdl7C5G90ISFZUhjpbZN:LERZRZPXpnRvmTxE+7WHlOA25Zep

Score

10^/10

agenttesla

Malware Config

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1808-15-0x0000000002120000-0x0000000002174000-memory.dmp

Files

1808-15-0x0000000002120000-0x0000000002174000-memory.dmp
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

_.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ