agenttesla | 2668-19-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2668-19-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

979657b1577fc0646db515bd7f9a1be4
SHA1

a7e7661c411559a9fddf14235c8b7ed8dbb0f423
SHA256

376714bc33f6572804d6a4830dcf99a0078ab147adf5bba47c65cae851d3e36c
SHA512

b30a6207ed34d62607d508367ac916d0255a51b1af4a07118019e66aa233a1fb75fe933990c3b1ddea11b5bb1cb095d6f3673847bbb22bf101d6c9f3af671ac7
SSDEEP

3072:Q1yW+m+2hFiUQuV1usUgImh7lAyiU3h8USp5utI5CIi:QgW+m+2hFiUQuqyFh7lhvSUSwIUI

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.strato.de
Port:
587
Username:
[email protected]
Password:
6M9L22
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2668-19-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2668-19-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ