General
-
Target
25092024051122092024INQUIRYS46789SEP24MAT.cab
-
Size
951KB
-
Sample
240925-jfa87sshqn
-
MD5
a6e5f46051bfa8ef90268321b03aee86
-
SHA1
04244e8b703928ef62c0beb7207b89fe4fe02240
-
SHA256
a05ce1f38d2250cbab37851ba53120058ce06fa97cdaf961f4d9814de066cb32
-
SHA512
0323a9bd357a366428782175baa7b6a14bbfbd1dc3639cd2fab843c11262c3113343c4599108a3b6bf0b3f7bfb32f6b54e6c56e58c56509dfdf52f6b43acb911
-
SSDEEP
24576:7UB2l5IV11+UlLjhnRe+kxGZD7zQGC1lEHrQtTVP/zYd7i+N:tS11vdReei1WsX/ze7iE
Static task
static1
Behavioral task
behavioral1
Sample
INQUIRYS#46789-SEP24MAT.exe
Resource
win7-20240903-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.zoho.eu - Port:
587 - Username:
[email protected] - Password:
office12#
Targets
-
-
Target
INQUIRYS#46789-SEP24MAT.exe
-
Size
1.2MB
-
MD5
07ccbec18681f1d2e98c33a62bdf89d6
-
SHA1
391dd53228844ce76c1fe9ee8ec1d9c40731d2ce
-
SHA256
9c08d64bbe7619affdc3842f4cbfa2f2d7e06d08aec3d01c0558ba133129c3d7
-
SHA512
2309703110314b4d1e03d0f70ba91feedf0ca11893b11853f1a62cfe439f0cb8b2b13d06b980efac267e7d6f249ab84722375215e6ecb97cab0e4d006ec5ff34
-
SSDEEP
24576:fRmJkcoQricOIQxiZY1ia3+ekxiX/7z2Gw1lODrQvTVZ/zAd7iy7:0JZoQrbTFZY1ia3+4K1k4z/zE7iG
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-