General
-
Target
ab2921ce4e4c87e9da8995a7410dad79.exe
-
Size
137KB
-
Sample
201229-zkwytw354e
-
MD5
ab2921ce4e4c87e9da8995a7410dad79
-
SHA1
6d193056924863acafe7f691f3a42f00e9ad56fb
-
SHA256
534bbc160d7b57080707e7ac87dc9c0a9fcf8b13f86887401bf53fb2dbe6ccbd
-
SHA512
406b81aaa62413c0969c94b77f606b46eefb2879b8d5514ea3d02238ae74a76cb861f8bcf2e825bfb18701837488be074f138d5207632bb875596bbab617f13f
Malware Config
Extracted
smokeloader
2020
http://vtdilet.com/upload/
http://netvxi.com/upload/
http://tinnys.monster/upload/
Targets
-
-
Target
ab2921ce4e4c87e9da8995a7410dad79.exe
-
Size
137KB
-
MD5
ab2921ce4e4c87e9da8995a7410dad79
-
SHA1
6d193056924863acafe7f691f3a42f00e9ad56fb
-
SHA256
534bbc160d7b57080707e7ac87dc9c0a9fcf8b13f86887401bf53fb2dbe6ccbd
-
SHA512
406b81aaa62413c0969c94b77f606b46eefb2879b8d5514ea3d02238ae74a76cb861f8bcf2e825bfb18701837488be074f138d5207632bb875596bbab617f13f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
AgentTesla Payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable
-