General
-
Target
QUOTE 7129.bat
-
Size
567KB
-
Sample
211014-ggcsbagce7
-
MD5
c5cc1718876b11652a056bfb7c819521
-
SHA1
37beee9cd4da05c76e9e79a98e824d7f103bf986
-
SHA256
bd6fb4af1ac12b02fdfa5df9ce0094710fab6415f3154cdcc6c1e5d8b7f351a1
-
SHA512
547edba7ff818c915e9fa6c16ea2c8ad214afcdef4049aea72a18d6e64243ba227fa8ec77d5232e7f36ab14f9bbae657adce82a3b77f33616d44a552eaf15e45
Static task
static1
Behavioral task
behavioral1
Sample
QUOTE 7129.bat.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
QUOTE 7129.bat.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.rapidmail.ec - Port:
587 - Username:
anams@rapidmail.ec - Password:
icui4cu2@@
Targets
-
-
Target
QUOTE 7129.bat
-
Size
567KB
-
MD5
c5cc1718876b11652a056bfb7c819521
-
SHA1
37beee9cd4da05c76e9e79a98e824d7f103bf986
-
SHA256
bd6fb4af1ac12b02fdfa5df9ce0094710fab6415f3154cdcc6c1e5d8b7f351a1
-
SHA512
547edba7ff818c915e9fa6c16ea2c8ad214afcdef4049aea72a18d6e64243ba227fa8ec77d5232e7f36ab14f9bbae657adce82a3b77f33616d44a552eaf15e45
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-