agenttesla | 2688-16-0x0000000000400000-0x0000000000476000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2688-16-0x0000000000400000-0x0000000000476000-memory.dmp
Size

472KB
MD5

9cf99794ca4a023de62c101500bd5775
SHA1

8b14d0e487e58bf0248cbee344aaa2a73166b657
SHA256

d4444846ce9f82015b9c8d583876cc45c2b5284bd6d3d17966dcb3d8befec5e5
SHA512

206203f6e55d34d2748cc9a0a8c805e6a25dc5d09f0f2880040f455771f392c62493c2ec14d80647e5d53cd9e82fc93eb3977875366067332133a134ecd919d6
SSDEEP

12288:wGOzvLvzFvHJGPN5MP7r9r/+ppppppppppppppppppppppppppppp0G:MzvLvzFQk1q

Score

10^/10

agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.medicalhome.com.pe
Port:
587
Username:
[email protected]
Password:
MHinfo01
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2688-16-0x0000000000400000-0x0000000000476000-memory.dmp

Files

2688-16-0x0000000000400000-0x0000000000476000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ