agenttesla | 3840-10-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3840-10-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

8b1428e5d4dcab1b05b13e9f642f39fb
SHA1

45018cf6e746981905b5f42beb994eeac8544c81
SHA256

ac13e0c8de23897f18e472847b570f3dd02d192b9c1c7d35c0b323da5bfc4a51
SHA512

bc83a1fe28a4bdfd2e9d4381ac2f8bcb339c14abdba247a0bc15054f76ec6a0fdaac173a3a3eb6bbc72c44d708fe5b235bda4f847ed11c536152704677d25ce4
SSDEEP

3072:BZfv//vDV1nynsg1zDTozn7zHxDHAyki50lEEinJ:BZfv//vjnynsg1zDToznPHpHAykPE7n

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
@BPkIlloCGraceD7@1
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3840-10-0x0000000000400000-0x0000000000442000-memory.dmp

Files

3840-10-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ