agenttesla | 2996-7-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2996-7-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

e454ca0f87e8a6c67a6f29f3a9af750d
SHA1

d4bb09d164c7690e8eea91038efe64afcf632f4f
SHA256

5c82d429fde09c8dd0416d2c676155a3f6ca1977954d539357610155e06e0db9
SHA512

9e4803bde9e401f860a31a42e0482d2daf4260bada2049d4f14e22cc65a947cafca07d0a6c1d3c3e22aae1152b8fd6b2db5a50d59c99ce508631fb85cd49e67f
SSDEEP

3072:i44ZKW+m+219f325MaIaIk1KCDRZGV1i52lq3i5/:i4W+m+219f325UGHATfqA/

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.maternamedical.top
Port:
587
Username:
[email protected]
Password:
;PB9=-brP&O#
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2996-7-0x0000000000400000-0x0000000000442000-memory.dmp

Files

2996-7-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ