agenttesla | 1948-34-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1948-34-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

a445f63cc51b58d407b4a9b3d98c955f
SHA1

bfdf36188922d58a88cac193457c65d3f628e175
SHA256

703a927ac8de7df694b6b3b3a3067efbdba5bf3442cdcf7799cd6c67d63b4e9f
SHA512

79a341e130ad9a8b4e59ae30d0cb1b86ca26612f2e2d4f210f2eb1460897080ed97ee320d6c539ab23dc6b1a8438e444f45a9f07a04c46b00f77711bf5d3026a
SSDEEP

3072:So76NB1IrBIbSGDgXQ3OCJLCak39V5s/AMroh:So76NB1IrBDGG2Oie39ZMk

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
premium162.web-hosting.com
Port:
587
Username:
[email protected]
Password:
Success4sure2day10@
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1948-34-0x0000000000400000-0x0000000000442000-memory.dmp

Files

1948-34-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ