agenttesla | 1016-5-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1016-5-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

896d0bfe52a82aa28514383d874dbe26
SHA1

76662ae57056d9ab1333b32e61282a9066b87345
SHA256

57fe994931e95443d859a08a4cdf3e1bcadf2915137eb38839c42b23e75626b9
SHA512

e6e8af424b95e577867c8cd68f9fead5634fc94f6a6a455e09c26f3f870a2102957e95f3c2837f5c4a4160d04672ca9e87bcb1086fd77c0150aec85d414744b6
SSDEEP

3072:okto26QfhMvzr7DfPnX3soOhdsK5sj2G45p6ANUxPlS:obQfhGzr7DfPnXvOsFj2GANC

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail1.netim.hosting
Port:
587
Username:
[email protected]
Password:
Emotion22
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1016-5-0x0000000000400000-0x0000000000442000-memory.dmp

Files

1016-5-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ