agenttesla | 1284-4-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1284-4-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

d6b25b481b780e6aa6ada23dc415f052
SHA1

2915432a0270a0bfb9ec5d47e6652db3557bd182
SHA256

99933adc04db6dac0fb21c96e962e312b0219911f6a703789b1ff33005e4a095
SHA512

fdc2a26a927f0d3519c52ed852f3e8ab1f7939da34f850f8e994c4595fb6a7a99938003dddbb49f5c30e3ced4d52f7ff822a9bedaa24e1e6e92dc88ddea0a539
SSDEEP

3072:Mj99Xnv/X4teDzG6Z1mT6Mk5JAewlU530jvIF5n:W99Xnv/XueDNi69HAnlvjA

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
terminal4.veeblehosting.com
Port:
587
Username:
[email protected]
Password:
Ifeanyi1987@
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1284-4-0x0000000000400000-0x0000000000442000-memory.dmp

Files

1284-4-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ