General
Target: INQUIc.exe
Size: 804KB
Sample: 230327-tjee5sgc5x
MD5: f76a778489f54ad52f8f87265c533f89
SHA1: 61e6e62415c9bbfd50eaf05c63c026123c2e5acd
SHA256: 2e6c7f02a001e228f3d49acf9dfe7df5bac27b9cc77569874170341abb80a311
SHA512: 8b9539b559c90017b03d564abe12229a9d83240bcda354673401982fa1ed1bf815bb3dc4097b72602d4bf0997ac4db7cb4e829f176f9d50d166df1f4d81cad29
SSDEEP: 12288:xpUJB0OkRgtVGvoYACV7s5MxrymUpMf5lKCKo1tYhBbDwec+LylJhZSnRq:I++/dWts5+rKqhlKCd1GLbDwe4DSRq
Static task: static1
Behavioral task: behavioral1 (Sample: INQUIc.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: INQUIc.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/
Targets
-
-
Target
INQUIc.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-