agenttesla | 1972-31-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1972-31-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

4cf24797cce87594998a0dec3250db47
SHA1

a8c6abbcd75d57975138f3d496203cf88076692f
SHA256

d47bd3c0f386c5a059097f19b5e8ed058d2ca81a65e7b062ed0feb69bc2c8577
SHA512

3378ae2553da6c05493646bf012b57aac6b9ef4fbfad95e55eabed89f6d048ca76f41a40481011235622a4abf23278ee10bcf6c4b6aa65c851b7d735cda5630c
SSDEEP

3072:8QVATymie/UBuCbVvJLFzTK+2c04s5XqpP1N:8QVATymie/UBuCbhBxr04Vpd

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
cemfa.com
Port:
587
Username:
[email protected]
Password:
mohamed@cemfa
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1972-31-0x0000000000400000-0x0000000000440000-memory.dmp

Files

1972-31-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ