General

  • Target

    INQUIRY.exe

  • Size

    3.1MB

  • Sample

    240603-lt2pesbg79

  • MD5

    078bbe7eaeaf7e7cc2ed22c372de38c4

  • SHA1

    d27576bb00da17e68f302f4408a74f32e96fc267

  • SHA256

    b2e8f6340ca878d0c0a82b6ec6a7d88d9e2dfc6cf72f81bda974d888f95f1713

  • SHA512

    2f31282dca1ef9e01c75161f71870871959a3943c0e8b8d73308f237a90875d8ac8583994dc636bb359997c84039805d8d45d44e55635eae9d80dea7729cd0fc

  • SSDEEP

    49152:u8yJAk206NICMq5pzKRgqVzKwxgFKjEXmNXjAuyG:ZBsS

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      INQUIRY.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks