General
- Target: Effisma GmbH_Inquiry.exe
- Size: 318KB
- Sample: 230330-p2cbaacf82
- MD5: aa83f9290af2a46c782df50d1087c49e
- SHA1: 45f94ad07d9d0dbae0a80b7eb99b562b054bcfc2
- SHA256: 992bf64436ed14bc5f5fa8d6fcf95ba658aa2b4f3e0b3d88093787bcb3b63588
- SHA512: 12e693c6dee9fe07fa43ccfa49dfed03df9b3b8b03ff03f3c4402577ee7a1bff9d95472d531275e31155437bc645c250a1442bd18c39a4937a89003114c0e749
- SSDEEP: 6144:0IEkbUCumDb6ZMMMMMMMMMMMuMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMc:jEM52MMMMMMMMMMMuMMMMMMMMMMMMMMM
Static task: static1
Behavioral task: behavioral1 (Sample: Effisma GmbH_Inquiry.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: Effisma GmbH_Inquiry.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted
- Protocol: smtp
- Host: mail.quangduong.vn
- Port: 587
- Username: [email protected]
- Password: Qd2017
Extracted
agenttesla
- Protocol: smtp
- Host: mail.quangduong.vn
- Port: 587
- Username: [email protected]
- Password: Qd2017
- Email To: [email protected]
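The extracted configuration above is the sample's exfiltration channel: Agent Tesla authenticates to the listed SMTP server with the listed credentials and mails stolen data to the "Email To" address. The following is an added example, not part of the sandbox report and not Agent Tesla's own code. It parses the flattened "Key: value - Key: value" config text exactly as the report renders it (the sender and recipient addresses appear on the page only as the placeholder "[email protected]" and are kept as-is), normalises it into IOCs, correlates a DNS answer with outbound connections in constructed Zeek-style events (documentation IP ranges, not real telemetry), and emits a Suricata rule. The Suricata rule assumes Suricata 5+ `dns.query` syntax and uses a placeholder `sid`.

```python
"""Turn the report's flattened AgentTesla SMTP config into IOCs and detections.
Added example; not the sandbox's or the malware author's code."""
import re
from typing import Dict, List

# Config text copied as it appears in the report (line-wrapped, keys separated
# by " - ").  "[email protected]" is the page's placeholder, left unchanged.
RAW_CONFIG = """Protocol: smtp- Host:
mail.quangduong.vn - Port:
587 - Username:
[email protected] - Password:
Qd2017 - Email To:
[email protected]"""

# "Key: value" pairs; the separator is " - " but can also appear as "- " with
# no leading space (see "smtp- Host:").  Values may contain '.', '@', '[', ']'.
_PAIR_RE = re.compile(
    r"([A-Za-z][A-Za-z ]*?):\s*(.*?)(?=\s*-\s*[A-Za-z][A-Za-z ]*?:|$)"
)


def parse_flat_config(raw: str) -> Dict[str, str]:
    """Join the wrapped lines and split them into a dict; keys are
    lower-cased with spaces replaced by underscores (e.g. 'email_to')."""
    text = " ".join(line.strip() for line in raw.splitlines())
    return {
        key.strip().lower().replace(" ", "_"): value.strip()
        for key, value in _PAIR_RE.findall(text)
    }


def build_iocs(cfg: Dict[str, str]) -> Dict[str, object]:
    """Normalise the parsed config into the fields a detection needs."""
    return {
        "c2_host": cfg["host"].lower().rstrip("."),
        "c2_port": int(cfg["port"]),
        "c2_protocol": cfg["protocol"].lower(),
        "exfil_account": cfg.get("username"),
        "exfil_recipient": cfg.get("email_to"),
    }


# Constructed telemetry (not from the report): one DNS lookup of the C2 host
# followed by two outbound connections, shaped like Zeek dns.log / conn.log.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"kind": "dns", "src": "10.0.0.5", "query": "MAIL.quangduong.vn.",
     "answers": ["203.0.113.10"]},
    {"kind": "conn", "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 587,
     "service": "smtp"},
    {"kind": "conn", "src": "10.0.0.5", "dst": "203.0.113.20", "dport": 587,
     "service": "smtp"},  # unrelated submission-port mail; must not fire
]


def match_events(events: List[Dict[str, object]], iocs: Dict[str, object]) -> List[str]:
    """Flag DNS lookups of the C2 host, then only those connections on the C2
    port that go to an address the C2 host actually resolved to.  Matching on
    port 587 alone would flag every legitimate mail submission."""
    resolved = set()
    hits = []
    for ev in events:
        if ev["kind"] == "dns":
            if str(ev["query"]).lower().rstrip(".") == iocs["c2_host"]:
                answers = list(ev.get("answers", []))
                resolved.update(answers)
                hits.append(f"dns: {ev['src']} resolved {iocs['c2_host']} -> {', '.join(answers)}")
        elif ev["kind"] == "conn":
            if ev["dst"] in resolved and ev["dport"] == iocs["c2_port"]:
                hits.append(f"conn: {ev['src']} -> {ev['dst']}:{ev['dport']} "
                            f"{ev['service']} (exfil to resolved AgentTesla SMTP host)")
    return hits


def suricata_dns_rule(iocs: Dict[str, object], sid: int = 1000001) -> str:
    """Suricata 5+ rule on the dns.query buffer; sid is a placeholder."""
    return (
        "alert dns $HOME_NET any -> any any "
        f"(msg:\"AgentTesla SMTP exfil host lookup {iocs['c2_host']}\"; "
        f"dns.query; content:\"{iocs['c2_host']}\"; nocase; endswith; "
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    iocs = build_iocs(parse_flat_config(RAW_CONFIG))
    print(iocs)
    for hit in match_events(SAMPLE_EVENTS, iocs):
        print(hit)
    print(suricata_dns_rule(iocs))
```

The credentials in the config identify the attacker's drop mailbox, not a victim: use them as indicators (SMTP AUTH as that account from your network, lookups of the host) rather than logging in to the mailbox yourself.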
Targets
- Target: Effisma GmbH_Inquiry.exe
- Size: 318KB
- MD5: aa83f9290af2a46c782df50d1087c49e
- SHA1: 45f94ad07d9d0dbae0a80b7eb99b562b054bcfc2
- SHA256: 992bf64436ed14bc5f5fa8d6fcf95ba658aa2b4f3e0b3d88093787bcb3b63588
- SHA512: 12e693c6dee9fe07fa43ccfa49dfed03df9b3b8b03ff03f3c4402577ee7a1bff9d95472d531275e31155437bc645c250a1442bd18c39a4937a89003114c0e749
- SSDEEP: 6144:0IEkbUCumDb6ZMMMMMMMMMMMuMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMc:jEM52MMMMMMMMMMMuMMMMMMMMMMMMMMM
Signatures
- AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET); this sample's extracted configuration exfiltrates over SMTP.
- Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.
- Accesses Microsoft Outlook profiles
Outlook profile data stored in the registry is a common source of saved mail credentials for stealers.
- Adds Run key to start application
Persistence through a registry Run key so the sample starts at logon.
- Suspicious use of SetThreadContext
Typical of process hollowing or thread-context hijacking, where the payload is injected into another process.