General
Target: DOCUMENT.BAT
Size: 491KB
Sample: 211018-1emdhsehg8
MD5: 509657bf2cda328547347fb08192a545
SHA1: dda0893857e46e43a869a2a0c0171d83da2c6fc5
SHA256: fec4bd7fec11af96dc833563d61a8424e0e4bb0b332b5b423a871583c0fd44ca
SHA512: 29b9cc7df360740a51b560fe5a4b87f829ed706c7cdab4a508513d29c8b0c3318e1fcbe3dc2c3bd2d844570ccca14b7306f8e741e6468590630e74ab3f4d4eac
Static task: static1
Behavioral task: behavioral1
  Sample: DOCUMENT.BAT.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: DOCUMENT.BAT.exe
  Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.mudanzasdistintas.com.ar
Port: 587
Username: [email protected]
Password: icui4cu2@@
Targets
Target: DOCUMENT.BAT
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext