General
-
Target
83b6aa38d20988a4998f816204052bb8da1a178b9d0c5fcd99d20239ba3a7d1c
-
Size
582KB
-
Sample
220521-ah2dqsacf6
-
MD5
4b4b125def3287ccddead1639cba1e0b
-
SHA1
63c9901285879d493f780b3523edf42d30dccaa5
-
SHA256
83b6aa38d20988a4998f816204052bb8da1a178b9d0c5fcd99d20239ba3a7d1c
-
SHA512
9bb3d82df09747a7ba594546f05a6347f9b1f07d0b22e1c6cdb13a441f243008f0da902752f4cf3f2a5391bdc1802fbaa8f800f51630843b5c420b625f200289
Static task
static1
Behavioral task
behavioral1
Sample
Inquiry Specifications.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Inquiry Specifications.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
Inquiry Specifications.exe
-
Size
743KB
-
MD5
c53968e1ae7a72f19601461be7fe28c5
-
SHA1
5bcaf93b52a0a617ca06a25ee4ee65f26737c8a0
-
SHA256
9aacf7241d4ac98976ece20663fe83d6b5f13bfe98b597ae02ed5d39614b9c16
-
SHA512
650a7ccac182b4c84fd7543309a3dc76428d50f0b32422dd188a5f58cd0579b935e7b59f74b85614cd3ec3395e861802a7e775270831ac3ed086a07fce607fae
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-