agenttesla | 300-16-0x0000000000400000-0x0000000000442000-memory[.]dmp | Triage

Sharing

General

Target

300-16-0x0000000000400000-0x0000000000442000-memory.dmp
Size

264KB
MD5

cbf9da5499c1d00ac444366fff143630
SHA1

9d74860b433be9451f2931fd2bb395de7b3b67fc
SHA256

2cc03c1abb7e6b2fb1679695a774d330a761d3c8e0ca7de5aa38d523b9c4c741
SHA512

61bd51a8cf669564dc64334f35b73dc404e70a251bd37a99ddb090075162e4b227fc1921cdf787f2d03fd8b2acbb1d240ce03088929c1320ab6ea2de6c3f108f
SSDEEP

3072:K0bK97/XnfvCHdQYKQ9weVJG45bY54qMk5etLb25IMZZBhSCU:fe97/XnfvCHdQxCnVJvK4q94t/oZ5

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
terminal4.veeblehosting.com
Port:
587
Username:
[email protected]
Password:
Ifeanyi1987@
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
300-16-0x0000000000400000-0x0000000000442000-memory.dmp

Files

300-16-0x0000000000400000-0x0000000000442000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ