agenttesla | 476-63-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

476-63-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

c99427d5f2f28a51c824e440767430ac
SHA1

30a414d41521991a3d48081226d6d75af3e303da
SHA256

35bfd8770f7d6c363cc6997e9be4e7525e2a9fedfa8e19c1f524251a77fd4979
SHA512

36eb5e075bc316b801e4cdb4bbb479cfd80f25ccfc927ee8a0b86b999d7cd7c88a74fa2344651082870fd795467b6dffb29a9bbdaa8cba4568ee834542b9e04d
SSDEEP

3072:6eDLubNUmK7zLQfrVKlxwDU48ttS7SkIq0uA:6zNk7zLQfpES4tY7SC0

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
DKL!@eK8
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
476-63-0x0000000000400000-0x0000000000430000-memory.dmp

Files

476-63-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ