agenttesla | 732-64-0x0000000000400000-0x0000000000430000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

732-64-0x0000000000400000-0x0000000000430000-memory.dmp
Size

192KB
MD5

3d7d2831a180b991e91b8f47d20bdb3b
SHA1

c5f847ad483d76dc6b804d9bb8ae01a2bb0acecb
SHA256

76254c66ca48734257a4438f248dd472f4df41d4bdfe0be7f5bc8457c05bcb56
SHA512

f01a34dd898ecca1242cf2e9a9a3975933c62c0d525b180ec7ad21b82faf871cbfd5212894897fefd7986efe05103b63ef4f2be2b49e4cf0bd71b56c57a3d347
SSDEEP

3072:WTWPles+WAYaaaI5N4380Iio5Lc0zuId/NNOSFbC1I:pmYnd0nILfzuq/NosO1

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
server320.web-hosting.com
Port:
587
Username:
[email protected]
Password:
m#+f(b5{XRR3
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
732-64-0x0000000000400000-0x0000000000430000-memory.dmp

Files

732-64-0x0000000000400000-0x0000000000430000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ