General
Target: ENQUIRY.exe
Size: 570KB
Sample: 211021-nsvwlaaca7
MD5: dfc7cff14929dc6879d88a2c514bfef8
SHA1: 319f1833848a98c976c1eb074af16a52ee4d1433
SHA256: a6229790b0a76fded9219434078e2ba9349cd636ee4fa6c633d0779a464c07f7
SHA512: 452237738c52331f7dce3d5d6da93464a7be47c4ffe1d782958c562beed0021717465fda0db9115392a4766f2b8f7ef0ccd89645e2b7d8b4fe75ac3ccb70d85b
Static task: static1
Behavioral task: behavioral1
  Sample: ENQUIRY.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: ENQUIRY.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.aldhiyafainteriors.com
Port: 587
Username: rahman@aldhiyafainteriors.com
Password: dhiyafa@987
Targets
Target: ENQUIRY.exe
Size: 570KB
MD5: dfc7cff14929dc6879d88a2c514bfef8
SHA1: 319f1833848a98c976c1eb074af16a52ee4d1433
SHA256: a6229790b0a76fded9219434078e2ba9349cd636ee4fa6c633d0779a464c07f7
SHA512: 452237738c52331f7dce3d5d6da93464a7be47c4ffe1d782958c562beed0021717465fda0db9115392a4766f2b8f7ef0ccd89645e2b7d8b4fe75ac3ccb70d85b
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext