General
Target: RFQ @ 2065001 - INQUIRY.exe
Size: 586KB
Sample: 201109-4f34l2th36
MD5: e4213a46f2cd9bd48db142555d6f5343
SHA1: fdaa240eb46ad458d45524fe65ec74087178a460
SHA256: 2002d285e6c892e4b91293e92d5babe24d8d5891a7a80865930582c518802ccf
SHA512: 240db2af2674bff7b6dd87d49b6105f330cc50fc0cda4c0e3aa7d33835bc0986d356219f9d26503dea942230736d7bca37a230c56055a6151dc9727937bd0362
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ @ 2065001 - INQUIRY.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: RFQ @ 2065001 - INQUIRY.exe
  Resource: win10v20201028
Malware Config
Extracted
  Family: agenttesla
  Protocol: smtp
  Host: smtp.japhethpumps.com
  Port: 587
  Username: marketing@japhethpumps.com
  Password: #BkvzVF2
Targets
Target: RFQ @ 2065001 - INQUIRY.exe
Size: 586KB
MD5: e4213a46f2cd9bd48db142555d6f5343
SHA1: fdaa240eb46ad458d45524fe65ec74087178a460
SHA256: 2002d285e6c892e4b91293e92d5babe24d8d5891a7a80865930582c518802ccf
SHA512: 240db2af2674bff7b6dd87d49b6105f330cc50fc0cda4c0e3aa7d33835bc0986d356219f9d26503dea942230736d7bca37a230c56055a6151dc9727937bd0362
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application
Suspicious use of SetThreadContext