agenttesla | 1240-48-0x0000000000AA0000-0x0000000001CF4000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1240-48-0x0000000000AA0000-0x0000000001CF4000-memory.dmp
Size

18.3MB
MD5

f55444c94f4841288b75e9302f24b7da
SHA1

2d7b3d480bc588383813a5157c036baeeeb40d73
SHA256

6af6615206e5c30041a39d923abcd9b587218758cf82c1903222068d690ed479
SHA512

277e084a9b36f8823f47a055df330daf9fd2e1240a707e7010a31d518aed40c3b32aab972fd1ecdf646bfb92b6627da4075cf07d8e70af27161e2fb0a6ab1e1e
SSDEEP

1536:eD2u6W8uyGC+bYpKigQOkQbuwCheerq/914f83fYOU5sywPXGN5Qi2PMX:cOuyGC+UpFjCbuukS91EMgOU5xCGN5T

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.synergyinnovationsgroup.com
Port:
587
Username:
[email protected]
Password:
C@p-Y8BoHc#?
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1240-48-0x0000000000AA0000-0x0000000001CF4000-memory.dmp

Files

1240-48-0x0000000000AA0000-0x0000000001CF4000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ