agenttesla | 752-13-0x0000000000400000-0x0000000000440000-memory[.]dmp | Triage

Sharing

General

Target

752-13-0x0000000000400000-0x0000000000440000-memory.dmp
Size

256KB
MD5

3eb2acab42a0b79d1d9764fd483a0214
SHA1

a71cdee8bc836dce4ef2ee48ff0808a64af3f80d
SHA256

b7935e70d49a73af97db16225e58730b3db44a108b43a3bf4fc4eb818fdcd951
SHA512

f288f26a47931ad574aeb2f82be2bc1967610bb4bf85d5dcca2c67f9e4609b697a5b49dde12b7d942b396caa3bbcc230d9a446333db6142d6e65cdfaeab33bd4
SSDEEP

3072:UIv0Uc4U3YsXVaPvLbRfbPo/rW0sDeijxG:3v0Uc4UIsXVaPvLbRfbP6rW0wl4

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
maquinariayjardineria.com
Port:
587
Username:
[email protected]
Password:
riber31
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
752-13-0x0000000000400000-0x0000000000440000-memory.dmp

Files

752-13-0x0000000000400000-0x0000000000440000-memory.dmp
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ