General
-
Target
67174293be1ad3d354028d57b59c2ff54c2454f92934f42ead1cb56ec69211a3
-
Size
434KB
-
Sample
220521-btdmgscdh2
-
MD5
3b8275a9bb97dc6f628e68f4868a71de
-
SHA1
82c150bd2ab5a6faa49fdfe09d0808fe728923fe
-
SHA256
67174293be1ad3d354028d57b59c2ff54c2454f92934f42ead1cb56ec69211a3
-
SHA512
016a605453ef81e61cc7e34fd1ed358fdb0674def3ace8c54baa100d9ea6e083070eff170c549dada7b01ce036b2e5601b9c2c7a550227f35512c897f28a8a89
Static task
static1
Behavioral task
behavioral1
Sample
Inquiry Order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Inquiry Order.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
Inquiry Order.exe
-
Size
480KB
-
MD5
11cd289b080a87cf994d1da97cc5b575
-
SHA1
804010c9597571b9aad7b37f0e31474532b20d74
-
SHA256
793666eca93a68eaa6cbb34eac888c354c61cc5d92e5f8d99466020a430308b2
-
SHA512
8d093f31089ef2d4f984ff58b70e7ab6c6bdd8ea36c9648fd86a97ccecdd3cbf6ee2b044179b000d25506d9714d0554e76d079e7be7f4a872b937e8f09e061b1
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-