General
-
Target
INQUIRY.tgz
-
Size
1.4MB
-
Sample
230328-k9rcysbh2w
Static task
static1
Behavioral task
behavioral1
Sample
INQUIRY.exe
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
INQUIRY.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/
Targets
-
Target
INQUIRY.exe
-
Size
700.8MB
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-