General
Target: 0di3x.bin.zip
Size: 78KB
Sample: 201116-96rt48lgr2
MD5: 10ad9e03b54e22c1da056d8fab1b289d
SHA1: 98f3bd0b931de340ffdc52241a779f3cee9465de
SHA256: 84e8caaf836da889b6f7c4d7e53c682274d23fdfa84011efe29c1894b7b16bd3
SHA512: c506f3a0612dfa40ca939f67131788c24e7d5b1e6b62558bc89247e1b435a21fb29dfdac88b9176dc46b84e38c2c618ad9fe4df03b280b887d676faccdb5b4d9
Static task: static1
Malware Config

Extracted
Family: smokeloader
Version: 2020
C2:
  http://etasuklavish.today/
  http://mragyzmachnobesdi.today/
  http://kimchinikuzims.today/
  http://slacvostinrius.today/
  http://straponuliusyn.today/
  http://grammmdinss.today/
  http://viprasputinsd.chimkent.su/
  http://lupadypa.dagestan.su/
  http://stoknolimchin.exnet.su/
  http://musaroprovadnikov.live/
  http://teemforyourexprensiti.life/
  http://stolkgolmishutich.termez.su/
  http://roompampamgandish.wtf/
rc4.i32:
rc4.i32:

Extracted
Family: zloader
Botnet: r1
Campaign: r1
C2:
  https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php
  https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php
  https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php
  https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php
  https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php
rc4.plain:
rsa_pubkey.plain:
Targets

Target: 0di3x.bin
Size: 111KB
MD5: bd97f762750d0e38e38d5e8f7363f66a
SHA1: 9ae3d7053246289ff908758f9d60d79586f7fc9f
SHA256: d4b767b57f453d599559532d7351feeecd4027b89b0b117552b7a3432ed4a158
SHA512: d0f00c07563aab832b181a7ab93413a93f913f813c83d63c25f4473b7fa2003b4b2a83c97bd9766f9f45a7f2de9e922139a010612f21b15407c9f2bb58a53e39

Behaviour signatures:
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
MITRE ATT&CK Matrix (tactic columns; no techniques are listed on this page)
- Collection
- Command and Control
- Credential Access
- Defense Evasion
- Execution
- Exfiltration
- Impact
- Initial Access
- Lateral Movement
- Persistence
- Privilege Escalation