General
- Target: INQUIRY.exe
- Size: 3.1MB
- Sample: 240603-lt2pesbg79
- MD5: 078bbe7eaeaf7e7cc2ed22c372de38c4
- SHA1: d27576bb00da17e68f302f4408a74f32e96fc267
- SHA256: b2e8f6340ca878d0c0a82b6ec6a7d88d9e2dfc6cf72f81bda974d888f95f1713
- SHA512: 2f31282dca1ef9e01c75161f71870871959a3943c0e8b8d73308f237a90875d8ac8583994dc636bb359997c84039805d8d45d44e55635eae9d80dea7729cd0fc
- SSDEEP: 49152:u8yJAk206NICMq5pzKRgqVzKwxgFKjEXmNXjAuyG:ZBsS
Static task: static1
Behavioral task: behavioral1
  Sample: INQUIRY.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: INQUIRY.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: terminal4.veeblehosting.com
- Port: 587
- Username: [email protected]
- Password: Ifeanyi1987@
- Email To: [email protected]
Targets
- Target: INQUIRY.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext