General
Target: 1b18ffea96feb91fe7df6862c6af34601e9f14224d4dfb7856f4b04beb79def1
Size: 961KB
Sample: 220521-m9hrxsgden
MD5: 6bb1c7712e15e99105442857ada24472
SHA1: edaa980b5d6adaa78ab523416a8f1c1d40fd3f8c
SHA256: 1b18ffea96feb91fe7df6862c6af34601e9f14224d4dfb7856f4b04beb79def1
SHA512: b292442ccd3c3cedc8c1e4598b1e78376a39d5e9fd2f97be7ef399664385eb4567bd12b7676d21f849557b283dfd7e2ffa05cc5fac06fa7f7edcf3e73c248dcb
Static task: static1
Behavioral task: behavioral1
  Sample: INQUIRY.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: INQUIRY.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: export5@fufeng-grooup.com
Password: K$pbkEK0
Targets
Target: INQUIRY
Size: 1.4MB
MD5: 1883cc5a5f6d2ecd6755615958f9aa91
SHA1: 1b909e95504f780a6b5a34e3cbec7542468ce0d8
SHA256: 785b935be29af7c8a26e4080b1d4dc3ad93589d7175773b0b1fbad99165b24ef
SHA512: 1e7e4d1dae9d46ec79c54cf95a6ade1026208a620e7cb98ce633d073623a9b17d4768f8c981cacc41cf81ca0a1748875487272809765adafd01159ed8718d76f
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext