General

  • Target

    Ambosrial.exe

  • Size

    15.7MB

  • Sample

    240618-xapfjathmd

  • MD5

    2d3809081c73e4920b2d15d363980b12

  • SHA1

    dc5c7e5d431f0cc93d7ab4fb52cd1086800c2d81

  • SHA256

    4f5d0837aca9b568682b07c8def02ab12e2afc1bc34760d77bf01d7184f82019

  • SHA512

    422b0c90cd44cfa65f63e57803507fc78814e9bd5b16d83d9ad758911f860fee8bed63e6062f992e98a4f7d811142799aace1389350d71440fd0e798bd0815ef

  • SSDEEP

    196608:B4IzRIO2gfRMhSE8/Erd8QP+ih91qBjjBHYfWY0bJE:B48RIO2gfRMYbcr6QP391qBXBoglE

Malware Config

Targets

    • Target

      Ambosrial.exe

    • Size

      15.7MB

    • MD5

      2d3809081c73e4920b2d15d363980b12

    • SHA1

      dc5c7e5d431f0cc93d7ab4fb52cd1086800c2d81

    • SHA256

      4f5d0837aca9b568682b07c8def02ab12e2afc1bc34760d77bf01d7184f82019

    • SHA512

      422b0c90cd44cfa65f63e57803507fc78814e9bd5b16d83d9ad758911f860fee8bed63e6062f992e98a4f7d811142799aace1389350d71440fd0e798bd0815ef

    • SSDEEP

      196608:B4IzRIO2gfRMhSE8/Erd8QP+ih91qBjjBHYfWY0bJE:B48RIO2gfRMYbcr6QP391qBXBoglE

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks