agenttesla | 2684-8-0x0000000001F90000-0x0000000001FE4000-memory[.]dmp | Triage

Sharing

General

Target

2684-8-0x0000000001F90000-0x0000000001FE4000-memory.dmp
Size

336KB
MD5

6f509632bbbd788ef25e1023c86aeea2
SHA1

8e82f3354c18264c2a43425c191580f556201dc3
SHA256

74e539eb1eedd34724a84ea20642d3888e055f43458c3f499872fb7b5fa4bae9
SHA512

4598536d6a3a5a1e9d8b41a0174b3d987ff5690ad9ab86c508a511dfacd762f3a6015d415114dbfadc0c28c463a69d322e6beea4505d43c21c87984e64c67b4c
SSDEEP

6144:IWbtJthtBOoIhv3nqfI9m+MCVBslEul5Tk0C:IItJthtBw/nqfwmtCcJQ0C

Score

10^/10

agenttesla

Malware Config

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2684-8-0x0000000001F90000-0x0000000001FE4000-memory.dmp

Files

2684-8-0x0000000001F90000-0x0000000001FE4000-memory.dmp
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

_.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ