General
- Target: 61a909290010897c2e5059b4f24056da80e842d7c24b534475060ca8c1c3925b
- Size: 31KB
- Sample: 250704-nrt8nssmv8
- MD5: 0f87f8a7ed4cab5f85daf2cdd9c3bbe8
- SHA1: 78790a9fcb98d23211167d3b3923c7324f8ddfa7
- SHA256: 61a909290010897c2e5059b4f24056da80e842d7c24b534475060ca8c1c3925b
- SHA512: 7e03cd28726a630f1a793410c17ed03425fe0c7135186801fde521b7cbad3e9e6e7089e95ca85e34128dad4fedf0fcddd2f32d717567c5061745959c307c0986
- SSDEEP: 768:mxdPX+pDza+UvjKKS8QTakm6y8Kx1iX9sTSJeK58Kg7m:mvqva+UbcL2keEySJvcm
Static task
- static1
Behavioral task
- behavioral1
- Sample: Asco Valve Shanghai OrderPO-011024.exe
- Resource: win10v2004-20250619-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.iaa-airferight.com
- Port: 587
- Username: [email protected]
- Password: Asaprocky11
- Email To: [email protected]
Targets
- Target: Asco Valve Shanghai OrderPO-011024.com
- Size: 50KB
- MD5: 0c90379314f161df6b92c70bb2c73813
- SHA1: 525a23f91cbccdb38acb8bd90ba8c8daffb63749
- SHA256: 50cc3131dc874fbef87b5926cbe1803b0586232c73420ef4f6b6542d8c51b12b
- SHA512: 6d793955d89e2cdd9266de653ea7f1b5e5a3db56ac4b06aa1e08d843aab1e903b79df0b768fdfdf49c596a5fd6e5bb4cf2a59e40d2c30b9adf331ba0db420512
- SSDEEP: 1536:Icg2pI81jNYIVedwF0ECg0iA6nSvWbenW6r56zT:IcgSvtNYIoG+inSJP56X
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (3)
  - Credentials in Registry (1)