agenttesla | 2596-11-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

2596-11-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

e28a9a6f122026fa7691f2eec7aa45ae
SHA1

79c50cc7e180ed46172c0bddddb5dcfc7eb75b6f
SHA256

ae9203c953eada6d3cfbf9df2ba1031b434e79136e26233d471c8f79187bc091
SHA512

4730c55b5e09f4763b20fb4db18b0d2dc2a40966ffe5dfe6bf3d57169470d71830081c71041aa0ea28d2d3875e5665397bb1e0bac38396d618cb434fbbe5a69d
SSDEEP

3072:K0bK97/XnfvCHdQYKQ9weVJG45bY54qMk5etLb25IMZZBhSC:fe97/XnfvCHdQxCnVJvK4q94t/oZ5

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
terminal4.veeblehosting.com
Port:
587
Username:
[email protected]
Password:
Ifeanyi1987@
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2596-11-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2596-11-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ