General
-
Target
2f6bac544fe67b6190c962a78b0fc82a.exe
-
Size
137KB
-
Sample
201229-czpq539zxa
-
MD5
2f6bac544fe67b6190c962a78b0fc82a
-
SHA1
05c582deb76f170c3d4e3d749e7bcd931ea61bbd
-
SHA256
5f0ed96dd82e54969f74392ab82759116ee18a2232f44b3cf9754b216d83e2a2
-
SHA512
ef6ddcc78da2ac6c89631a3e9249a415a17d567359c23b209b073d297c371918b36df8dc3a9eaaefd23dbe65d90afb639b5ea48187c46511c4e58996363ab5b9
Malware Config
Extracted
smokeloader
2020
http://vtdilet.com/upload/
http://netvxi.com/upload/
http://tinnys.monster/upload/
Targets
-
-
Target
2f6bac544fe67b6190c962a78b0fc82a.exe
-
Size
137KB
-
MD5
2f6bac544fe67b6190c962a78b0fc82a
-
SHA1
05c582deb76f170c3d4e3d749e7bcd931ea61bbd
-
SHA256
5f0ed96dd82e54969f74392ab82759116ee18a2232f44b3cf9754b216d83e2a2
-
SHA512
ef6ddcc78da2ac6c89631a3e9249a415a17d567359c23b209b073d297c371918b36df8dc3a9eaaefd23dbe65d90afb639b5ea48187c46511c4e58996363ab5b9
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
AgentTesla Payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable
-