General
- Target: QUOTE 7254.bat
- Size: 578KB
- Sample: 211014-ggcsbagce9
- MD5: 4d0f6d1430135a6779417b51294af53c
- SHA1: a473af0c7fa93abf4ee9f780664eee49843ca008
- SHA256: 810834cae1e8be03e2534968ea0a1132a6d2dd18d8fd3e366c3d9dca3fb05846
- SHA512: 67f89029d4185a8335303d43eee87aae9cd5e2c7faf6f7f67b32116b5d27daae9e71bd48132c066b3b7a57d63430334ce073e818fcebe0e50c0114a0196ccbe6
Static task: static1
Behavioral task: behavioral1
- Sample: QUOTE 7254.bat.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: QUOTE 7254.bat.exe
- Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.rapidmail.ec
- Port: 587
- Username: anams@rapidmail.ec
- Password: icui4cu2@@
Targets
- Target: QUOTE 7254.bat
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext