General
-
Target
6d4ed776acacc3edaf7baf74f86da1fe.exe
-
Size
136KB
-
Sample
201229-lws6w3en82
-
MD5
6d4ed776acacc3edaf7baf74f86da1fe
-
SHA1
6da8aa9783b22db9087e616e84b5047bfa1369e3
-
SHA256
e5e79c6dc16f0979868b0c5d78128d03c98b233db16d9a994a45daf01088183d
-
SHA512
770b7c0462b9ca3e760b2b869a679cb4a7cdf6742a89b002c18229faec7166909bff1d780290039b30ef68f948e96d5f8025c77f34359c0a25536b92d5e95215
Malware Config
Extracted
smokeloader
2020
http://vtdilet.com/upload/
http://netvxi.com/upload/
http://tinnys.monster/upload/
Targets
-
-
Target
6d4ed776acacc3edaf7baf74f86da1fe.exe
-
Size
136KB
-
MD5
6d4ed776acacc3edaf7baf74f86da1fe
-
SHA1
6da8aa9783b22db9087e616e84b5047bfa1369e3
-
SHA256
e5e79c6dc16f0979868b0c5d78128d03c98b233db16d9a994a45daf01088183d
-
SHA512
770b7c0462b9ca3e760b2b869a679cb4a7cdf6742a89b002c18229faec7166909bff1d780290039b30ef68f948e96d5f8025c77f34359c0a25536b92d5e95215
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
AgentTesla Payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable
-