General
- Target: Inquiry,png.exe
- Size: 274KB
- Sample: 211019-d1b4cagahn
- MD5: 214314acb198f14903fb16538450fe69
- SHA1: d28b62d92aa73da2662f52a20ecb896fbf248806
- SHA256: fa708dbd323666bef72779702e67ea18192727f8d881ed8cd295619b892e6f1b
- SHA512: c6a578141238fc0ebeba108f4c325b4d6fa1d2ab37304281253e94f4d7927ebb22fab5bcd411688feed159f57bd5a2cbebcf0200f1e5d29b773392e9be4523b8
Static task: static1
Behavioral task: behavioral1
- Sample: Inquiry,png.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: Inquiry,png.exe
- Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.autokarma.ro
- Port: 587
- Username: [email protected]
- Password: auto123#
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext