agenttesla | 1888-4998-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1888-4998-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

36aabb44ec96658a379b9b0e7b41e727
SHA1

da79e01595506b85ad50398c99f0dbd0412ad175
SHA256

e3ba06e54a229735d1a9a09b8c3184d8719fee5d112dcb9e2d273178af04da1c
SHA512

f52c781fa5f29957443121ef0bc58b4499ea77cd37c69bdb6f812ad177f7b62a86f031511671f5077e8c9aa8716e321c6d9ac490aa3b130f0b07aab206fe117f
SSDEEP

3072:gbGSqyKyDapqdQZ1ni9MuGwa/04H0C55eNj7S9:g6SqyKyDpdO2GF/04U9NX

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
gator3220.hostgator.com
Port:
587
Username:
[email protected]
Password:
OBC#75@tsGreenPass@5974a
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1888-4998-0x0000000000400000-0x0000000000442000-memory.dmp

Files

1888-4998-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ