agenttesla | 4740-56-0x0000000072300000-0x0000000073554000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4740-56-0x0000000072300000-0x0000000073554000-memory.dmp
Size

18.3MB
MD5

89476d3bb0bfb7c72f35a3db4e9ff86f
SHA1

8a232ab0ed847dce18440c3b236ea776a5c1e1f9
SHA256

49d0c0a487f8f31c0fbf04caf875bccac34445139b0d886a191973f1dd5953f5
SHA512

4ff39e6d34b35ad074be90e23997dea49421a309ff5d82f6e685edb58b7b77df47feae6081cbaec825805870276fb6391b248a234c9e452e536f7be8b6e2addb
SSDEEP

3072:3OiGyuyULyGe/kHbGpa+LrkGEt5RZSjNX:+iGyuyULyGe/kHbGpZLrkGEXS5

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.crusatabogados.com
Port:
587
Username:
[email protected]
Password:
Ticote42?
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4740-56-0x0000000072300000-0x0000000073554000-memory.dmp

Files

4740-56-0x0000000072300000-0x0000000073554000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ