General
- Target: f1ff478a7d34676393c480932ec4c3b17c790d1bb1ea719d21b55efce7042677
- Size: 381KB
- Sample: 220520-3krljahaf9
- MD5: cd7bb1fc6034ee1eb6a0a9e973c52e83
- SHA1: 2e8bb474df1f60e582fae7731592f3d73acc09ad
- SHA256: f1ff478a7d34676393c480932ec4c3b17c790d1bb1ea719d21b55efce7042677
- SHA512: b148f67ab16f4417a0e0c684e42c00e52c1e9a2272c4227f4a2096aa5471cebefb80d8c463b54820190ab68004ee36d25cd499766ed6e1d18aab790fc6457848
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Inquiry162020.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: Inquiry162020.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: anyanwu3116
Targets
- Target: Inquiry162020.exe
- Size: 561KB
- MD5: 545f0d6c85e724cdf181bbb695d6adb1
- SHA1: d2593a8ab114593c16b77914acddd9d917fb58a1
- SHA256: b6e27dd859c2b932284d6a65629a1df3f262ba01b11c56281935dcf6beecdf8f
- SHA512: 2b896a6b3f09148a5b912d5a4e2cf0014ddd52abc3ba38f67ca79bfc53f440802b45542cc9b4cabedd5c8e0cea9f413c0a368f98fc04adf4ad7af456cb6dceee
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext