QUOTE 7129.bat

General

Target: QUOTE 7129.bat

Size: 567KB

Sample: 211014-ggcsbagce7

Score: 10/10

MD5: c5cc1718876b11652a056bfb7c819521

SHA1: 37beee9cd4da05c76e9e79a98e824d7f103bf986

SHA256: bd6fb4af1ac12b02fdfa5df9ce0094710fab6415f3154cdcc6c1e5d8b7f351a1

SHA512: 547edba7ff818c915e9fa6c16ea2c8ad214afcdef4049aea72a18d6e64243ba227fa8ec77d5232e7f36ab14f9bbae657adce82a3b77f33616d44a552eaf15e45

Malware Config

Extracted

Family: agenttesla
Credentials

Protocol: smtp

Host: mail.rapidmail.ec

Port: 587

Username: anams@rapidmail.ec

Password: icui4cu2@@

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk, which infostealers often target.

    TTPs

    Data from Local System; Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials.

    TTPs

    Data from Local System; Credentials in Files
  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation