agenttesla | 2648-22-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2648-22-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

8db305cdf6bf63ef78f1dbeb5a24eec9
SHA1

ef812caf2605d5da2ae9683beed4a3e5a8ff3242
SHA256

6df292072fc0a3d6cafd4b57db0bc92d3bc1b0f541cd03fb2c11d2f150787519
SHA512

7e6968d2abc37fa9da142775d291780799cfc2b4759f96a0f7c6f7c4d80e9206d7650a3787e87db9c680d5c5a060ee96d378106fb47990407b89de5117f38b26
SSDEEP

3072:nGhU/pLTjb7ujN04nx52nQrSuoDJ4bKZw5zpHDMsw:nP/pLTjb7ujN04nCQ+uFmZ2tDR

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.stilbo.eu
Port:
587
Username:
[email protected]
Password:
StilBO_#1
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2648-22-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2648-22-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ