General
- Target: inquiry.exe
- Size: 1.1MB
- Sample: 200630-1v5v1ph1tn
- MD5: 634229321696c6c4eeea45af54e0bcb2
- SHA1: 2f7181695e47f139f773795e41f56f69a1fa0b6f
- SHA256: 69f0daa863cb586a1e2b00b6335bc69f7f06615b44b2f81bb5445d6912f6a80e
- SHA512: 29427229aa3ef9304b729f9c19eeb58f6c954c5b5c7e37e07194e2031797544768a52097329f2258278a1bb1b4336c63c3b1bee76df4ca42a5f839be2fc77e38
Static task
- static1
Behavioral task
- behavioral1: Sample inquiry.exe, Resource win7
Behavioral task
- behavioral2: Sample inquiry.exe, Resource win10v200430
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: jerryedward1@yandex.ru
- Password: enugu042
Targets
- Target: inquiry.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Suspicious use of SetThreadContext