agenttesla | 2812-15-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

2812-15-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

cc32521f8883531b0a6371c1129277da
SHA1

e5728fbe35f61be27c3dffd2defad34badd9e792
SHA256

c697e216090444cc8a7bec3e7b68fb2bc0702e55017c4ab1bd663367858e85b9
SHA512

e26de1ddf81b2da48d6243e7e1ea569e96eb621152951fb9c54e2dea97721ad029e8a44126a61a0f1e8ce8484f8b7c2e842ebe78397262c995349b35ce0d48ce
SSDEEP

3072:dFS5h5B5RGyPBQob8aJPoH0FfIn57N0OUJW:dk5h5B5RTBH4QPoH0FfIX0r

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.apexrnun.com
Port:
587
Username:
[email protected]
Password:
%qroUozO;(C2Rlyb
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2812-15-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2812-15-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ