General
Target: 0ef205b37203c59a96de95c69e7ccf051b0999a44062df11ee34a04580e5fd98
Size: 1.2MB
Sample: 220521-b2l9lachb4
MD5: 48489082ba0ecee53ee1d5d6be42869e
SHA1: 4c97993caf15b9e3301c5db78151b13e598c3940
SHA256: 0ef205b37203c59a96de95c69e7ccf051b0999a44062df11ee34a04580e5fd98
SHA512: 2046b1222b2f1468f12a5eca872d1896a7199b82d17674a3bb1d49708d59f73ce347f0db19006303050ea409754c417ead23b14dd8f21cd1e6a0bce442fd3bb4
Static task: static1
Behavioral task: behavioral1
  Sample: ENQUIRY_.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ENQUIRY_.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: ENQUIRY_.EXE
Size: 504KB
MD5: 8aaf1031d76d79b21c17718a78ecf002
SHA1: 24b44db0b7e549a3e3768994c610d184e995fe37
SHA256: b557884e69cbfcae02528a9e04363d4c61e358f7f81a285a5ea758df8f02bb63
SHA512: 3ddb73cf4a4278d2a9981f3270927cbf934fe15c072d367111fbd4fd13d4e5e0904501963e031e792c53cb40de415ccd5030c204150ac91c505bf54e7743c57d
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext