General
Target: No.1089765423012021_inquiry.zip
Size: 419KB
Sample: 211201-vnkndsebdq
MD5: 62e913bfe9400696bf0cefb4d6e5e745
SHA1: 184010a9e46e4e9b20830dd5fc58fd3f76e78f1e
SHA256: 7b2b019833000669a61ff58756311596663a48775af9426765d45a5ea397f27d
SHA512: d1bcaa15aaedab3de71e9ada5eb16c6593a4cd02620131d14bcc6799234378848351740525b1e2bfae36681284172fbfffd4a622fe0ee2ff29e44092b2877bc0
Static task: static1
Behavioral task: behavioral1
Sample: 1089765423012021_inquiry.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 1089765423012021_inquiry.exe
Resource: win10-en-20211104
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.modularelect.com
Port: 587
Username: [email protected]
Password: successman12@
Targets
Target: 1089765423012021_inquiry.exe
Size: 560KB
MD5: b47c3006b43aff7a9c395e6ddf7d65ec
SHA1: 785ba2f4990bf8d8ee4a3fb8986131756338a662
SHA256: c5c10a5a97d09d2545fa73ab64459b2fdaeadf3ef2a08bceadcbff26a69b65f5
SHA512: 8fa5c1397532acf8abab18e63b29072117fbf1b9139520be74d2d9261efe448aa9a05218ee09402085340b352f754d77dc3750af96845b425ad0fe6404088aa8
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext