General
Target: 300b58c2becddba9d514fbd569da74a47295518e3e9872035142f5ad9e99923e
Size: 370KB
Sample: 220520-2zrpeabccr
MD5: bbc8dbc043c8816c2e62ae4ca57d4f95
SHA1: 99108538b2f930285f3ce950f270d7b500427aa0
SHA256: 300b58c2becddba9d514fbd569da74a47295518e3e9872035142f5ad9e99923e
SHA512: 1a63793126f3f23065cc857d467c33431c5eecfb78a4da75efc282ff1e9d4f84e02dbcca44b95680f1f8276859f37db22b2789ba27e060d70d860f5823568cec
Static task: static1
Behavioral task: behavioral1
Sample: INQUIRY_pdf__.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: INQUIRY_pdf__.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: mail.jpmvt.com
Port: 587
Username: [email protected]
Password: P@ssw0rd
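The extracted configuration above is the sample's exfiltration channel: an SMTP account on mail.jpmvt.com that the stealer logs into to mail out harvested credentials. The block below is an added example, not part of the sandbox report or of the sample, showing how to turn that block into indicators and check an SMTP session against them, including decoding the AUTH LOGIN / AUTH PLAIN credential exchange a client sends before the DATA phase. The parser accepts the report's flattened "Key: value - Key: value" layout as well as one field per line. The session transcripts are constructed, not captured traffic, and the username is used exactly as the page shows it ("[email protected]", a redacted value). Credentials are only decodable from the cleartext part of a session, so on port 587, where STARTTLS is the norm, you will often be able to match only the host and port.

```python
"""Added example (not from the report or the sample): extracted Agent Tesla SMTP
config -> indicators, plus a decoder for SMTP AUTH LOGIN / AUTH PLAIN so a
session can be matched on credentials, not just destination."""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

KEYS = ("Protocol", "Host", "Port", "Username", "Password")

# The config as the report prints it (fields glued with ' - ' and wrapped).
CONFIG_TEXT = """Protocol: smtp- Host:
mail.jpmvt.com - Port:
587 - Username:
[email protected] - Password:
P@ssw0rd"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse 'Key: value' fields regardless of line breaks or ' - ' glue."""
    flat = " ".join(text.split())
    key_alt = "|".join(KEYS)
    # Split just before every known key, swallowing the optional '-' separator.
    parts = [p for p in re.split(rf"\s*-?\s*(?=(?:{key_alt}):)", flat) if p]
    fields = {}
    for part in parts:
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def decode_smtp_auth(client_lines: List[str]) -> Optional[Tuple[str, str]]:
    """Recover (username, password) from the client side of an SMTP session.

    AUTH LOGIN: username and password as two base64 lines, or the username
    inline as an initial response.  AUTH PLAIN (RFC 4616): one base64 blob of
    authzid NUL authcid NUL password.  Returns None if absent or truncated."""
    try:
        for i, line in enumerate(client_lines):
            tokens = line.split()
            if len(tokens) < 2 or tokens[0].upper() != "AUTH":
                continue
            mech = tokens[1].upper()
            if mech == "LOGIN":
                if len(tokens) >= 3:
                    user_b64, pass_b64 = tokens[2], client_lines[i + 1]
                else:
                    user_b64, pass_b64 = client_lines[i + 1], client_lines[i + 2]
                return (base64.b64decode(user_b64, validate=True).decode("utf-8", "replace"),
                        base64.b64decode(pass_b64, validate=True).decode("utf-8", "replace"))
            if mech == "PLAIN":
                blob = tokens[2] if len(tokens) >= 3 else client_lines[i + 1]
                parts = base64.b64decode(blob, validate=True).split(b"\x00")
                if len(parts) != 3:
                    return None
                return parts[1].decode("utf-8", "replace"), parts[2].decode("utf-8", "replace")
    except (IndexError, ValueError):  # truncated exchange or bad base64
        return None
    return None


def match_session(cfg: SmtpExfilConfig, dst_host: str, dst_port: int,
                  client_lines: List[str]) -> List[str]:
    """Name the indicators from the extracted config that this session hits."""
    hits = []
    if dst_host.lower() == cfg.host:
        hits.append("host")
    if dst_port == cfg.port:
        hits.append("port")
    creds = decode_smtp_auth(client_lines)
    if creds is not None:
        user, password = creds
        if user == cfg.username:
            hits.append("username")
        if password == cfg.password:
            hits.append("password")
    return hits


# Constructed client-side lines of an exfiltration session (not captured traffic).
SAMPLE_EXFIL_SESSION = {
    "dst_host": "mail.jpmvt.com", "dst_port": 587,
    "client_lines": ["EHLO DESKTOP-TEST", "AUTH LOGIN",
                     base64.b64encode(b"[email protected]").decode(),
                     base64.b64encode(b"P@ssw0rd").decode()],
}
# Constructed benign session for contrast: other server, AUTH PLAIN, other account.
SAMPLE_BENIGN_SESSION = {
    "dst_host": "smtp.example.net", "dst_port": 587,
    "client_lines": ["EHLO DESKTOP-TEST",
                     "AUTH PLAIN " + base64.b64encode(b"\x00alice\x00hunter2").decode()],
}

if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for name, s in (("exfil", SAMPLE_EXFIL_SESSION), ("benign", SAMPLE_BENIGN_SESSION)):
        print(name, decode_smtp_auth(s["client_lines"]),
              match_session(cfg, s["dst_host"], s["dst_port"], s["client_lines"]))
```

The credential match matters because the host alone is weak evidence: the attacker's mail server may be a legitimate, compromised or shared hosting provider that other traffic also reaches, while a session that authenticates with the exact account from the extracted config is unambiguous.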
Targets
Target: INQUIRY_pdf__.exe
Size: 525KB
MD5: 15e91b66fb88390b9833cf3a79cab0ca
SHA1: e370b599b7e53bf35890e2e2f7e7b1a7e978ce86
SHA256: da7f00e9042a254deafda735ffb54a8c03b4d3af45bc297d1dd412f7840cb77f
SHA512: d5e5e63c7897506d80608ffff0571897b899d3964e19c51f8762412d04201a67b72a179bc11e6afb3c940a241dd42505ea9e074a947055b27aa6a4bd3704553e
Note that the analyzed executable (525KB) is a different object from the submitted file listed under General (370KB), so the two hash sets are distinct indicators and both should be retained.
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, usually compiled from Visual Basic .NET; it harvests credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP. This build uses SMTP (see Malware Config).
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (refusing to run, or behaving differently, in certain regions).
Accesses Microsoft Outlook profiles
Reads stored Outlook profile data, consistent with mail-credential harvesting.
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the classic final step of process hollowing or injection, redirecting execution to an injected payload; treat it as the indicator that the visible process is not running its original code.