agenttesla | 2568-30-0x0000000000B70000-0x0000000000BC4000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2568-30-0x0000000000B70000-0x0000000000BC4000-memory.dmp
Size

336KB
MD5

c3a1b2743e4d89a078d4516d3d97a30e
SHA1

2026fdbaa80ed3d40eeba5074037fc311931c02b
SHA256

2d260606a4bf6e8376c82f89eb9fa88d4cca1c02cc7dd27e386c3d6c9d2be220
SHA512

f9d9360f53263063462ca9576264218a7d0b44f7f51d0bc40dafa6c676b1f04482f106a7b6905934b85c4e3666267ffdd0b893dae33c9c427608c78f20e4f240
SSDEEP

3072:bnLrCHUN1F9tCX4mIrkj8cj9te4XUkjFzwdDwVdolGbawOvYEGWXwvI:DLrC0N1F9tonIOZ9o6jdUc+l7fT3X

Score

10^/10

agenttesla

Malware Config

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2568-30-0x0000000000B70000-0x0000000000BC4000-memory.dmp

Files

2568-30-0x0000000000B70000-0x0000000000BC4000-memory.dmp
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

_.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ