General
Target: ABSA POP.exe
Size: 916KB
Sample: 210511-5mdpnzkrks
MD5: 0266f5352db7db41d66942cb8fea548e
SHA1: 94facfb7e00854ef5ebb5578f2931f97e1e3afbd
SHA256: 9719ef0c13fb328372e4037db03bb12d16cc226e2a0a8c15e0622e2d610ff017
SHA512: 3b21635a1a2c2bcb0190ce9885a2b35a6107686c0c875ead876f235675296d5fde2b9d227eb310722bd5384e52fa0cc961362b64ac168d451a62b7c83a95c716
Static task: static1
Behavioral task: behavioral1
  Sample: ABSA POP.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: ABSA POP.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.foodurway.com.au
Port: 587
Username: admin@foodurway.com.au
Password: Island@1981$
Targets
Target: ABSA POP.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext