General
Target: 6cb850838903e67b6febec71511b9965
Size: 238KB
Sample: 201117-flpzfybyb2
MD5: 6bb5605eeb883bbe15b7c08ceb136688
SHA1: 975ce4a1353b1b233d581341539dc43f4d227b8a
SHA256: 9e5f370201251e8dc138678f8e0d4f0bdd75e1353edcc77d41c8401621c2c671
SHA512: 5768069b70fc338a32903b01387be5fd16d3edbeb1b7e8df8f87e5694d694b590fa65e2fa27d4eefee30fe97bf692c4dec0871c901d2f7705356988c6d2ecbf3
Static task: static1
Behavioral task: behavioral1
  Sample: 6cb850838903e67b6febec71511b9965.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 6cb850838903e67b6febec71511b9965.exe
  Resource: win10v20201028
Malware Config
Extracted: smokeloader (2020)
Targets
Target: 6cb850838903e67b6febec71511b9965
Size: 238KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- JavaScript code in executable
- Suspicious use of SetThreadContext