General
Target: Ambosrial.exe
Size: 15.7MB
Sample: 240618-xapfjathmd
MD5: 2d3809081c73e4920b2d15d363980b12
SHA1: dc5c7e5d431f0cc93d7ab4fb52cd1086800c2d81
SHA256: 4f5d0837aca9b568682b07c8def02ab12e2afc1bc34760d77bf01d7184f82019
SHA512: 422b0c90cd44cfa65f63e57803507fc78814e9bd5b16d83d9ad758911f860fee8bed63e6062f992e98a4f7d811142799aace1389350d71440fd0e798bd0815ef
SSDEEP: 196608:B4IzRIO2gfRMhSE8/Erd8QP+ih91qBjjBHYfWY0bJE:B48RIO2gfRMYbcr6QP391qBXBoglE
Static task: static1
Malware Config
Targets
Target: Ambosrial.exe (size and hashes identical to those listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2