General

Target: BB67A245F1B9A49C4BF41DADFC8ACE6E.exe (the file name is the sample's MD5 in upper case)
Size: 3.4MB
Sample: 210601-wtce3dwere
MD5: bb67a245f1b9a49c4bf41dadfc8ace6e
SHA1: d16a2b6cc2dcf990b5c022ff75780e512c5893fb
SHA256: 5b73fe2b2388fcd2b0f2c71f8499221e5ccd1bcfc4e31d2140d5eca1c3a45414
SHA512: abd5380fe2d054885a8d3ab378ab2a65885de41684f0af5d4e9c248a1dfd44ecb0852603e2e82f356900514803de4b8e23868e9c597aa58c54410aac5c2ff6f5
Static task: static1

Behavioral task: behavioral1
  Sample: BB67A245F1B9A49C4BF41DADFC8ACE6E.exe
  Resource: win7v20210410

Behavioral task: behavioral2
  Sample: BB67A245F1B9A49C4BF41DADFC8ACE6E.exe
  Resource: win10v20210408
Malware Config

Extracted: smokeloader
  Version: 2020
  C2:
    http://ppcspb.com/upload/
    http://mebbing.com/upload/
    http://twcamel.com/upload/
    http://howdycash.com/upload/
    http://lahuertasonora.com/upload/
    http://kpotiques.com/upload/

Extracted: metasploit
  Payload: windows/single_exec

Extracted: danabot
  Unlabelled config values (as reported): 1827, 3
  C2:
    184.95.51.183:443
    184.95.51.175:443
    192.210.198.12:443
    184.95.51.180:443
  embedded_hash: AEF96B4D339B580ABB737F203C2D0F52
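The extracted configs above are the actionable part of this report: the SmokeLoader C2 URLs and the DanaBot ip:port endpoints can be matched against proxy and firewall logs. The following is an added example, not part of the sandbox report, that builds an IOC set from those values and runs it over a constructed log. The log line format, the function names and the sample log lines are assumptions for illustration; only the C2 values come from the report. SmokeLoader is matched on hostname rather than full URL so that beacons to other paths on the same C2 are still caught, and the external-IP lookup service the signature list mentions is deliberately left out of the IOC set because it would fire on benign traffic.

```python
"""IOC matcher built from the extracted configs (added example, constructed data)."""
import ipaddress
import re
from urllib.parse import urlparse

# C2 values exactly as reported in the Malware Config section.
SMOKELOADER_C2_URLS = [
    "http://ppcspb.com/upload/",
    "http://mebbing.com/upload/",
    "http://twcamel.com/upload/",
    "http://howdycash.com/upload/",
    "http://lahuertasonora.com/upload/",
    "http://kpotiques.com/upload/",
]
DANABOT_C2 = [
    "184.95.51.183:443",
    "184.95.51.175:443",
    "192.210.198.12:443",
    "184.95.51.180:443",
]


def smokeloader_hosts(urls):
    """Hostnames of the SmokeLoader C2 URLs. Matching on the host rather than
    the full URL catches beacons to other paths on the same C2 and survives
    trailing-slash or query-string differences in proxy logs."""
    return {urlparse(u).hostname.lower() for u in urls}


def danabot_endpoints(entries):
    """Parse 'ip:port' strings into (IPv4Address, int) tuples. A malformed
    entry raises instead of silently matching nothing."""
    out = set()
    for e in entries:
        host, _, port = e.rpartition(":")
        out.add((ipaddress.ip_address(host), int(port)))
    return out


URL_RE = re.compile(r"\bhttps?://[^\s\"']+")
# Hypothetical firewall record layout: ... dst=<ip> ... dport=<port> ...
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3})\b.*?\bdport=(\d{1,5})\b")


def scan_log(lines, hosts, endpoints):
    """Return (line_number, family, indicator) for every log line that
    contacts a known C2. Proxy lines are expected to contain a URL, firewall
    lines a dst=/dport= pair; anything else is ignored."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            h = urlparse(url).hostname
            if h and h.lower() in hosts:
                hits.append((n, "smokeloader", h.lower()))
        m = DST_RE.search(line)
        if m:
            try:
                ep = (ipaddress.ip_address(m.group(1)), int(m.group(2)))
            except ValueError:
                continue
            if ep in endpoints:  # exact ip:port match; drop the port to loosen
                hits.append((n, "danabot", f"{ep[0]}:{ep[1]}"))
    return hits


# Constructed sample log (not from the report). Line 3 is an external-IP
# lookup to a legitimate service, which the signature list says the sample
# performs; it is intentionally absent from the IOC set. Lines 5 and 6 are
# near-misses (unknown IP, known IP on a different port) and must not match.
SAMPLE_LOG = [
    "2021-06-01T11:02:13Z proxy host=WS01 POST http://ppcspb.com/upload/ 200",
    "2021-06-01T11:02:14Z proxy host=WS01 GET http://mebbing.com/upload/?id=1 200",
    "2021-06-01T11:02:15Z proxy host=WS01 GET http://api.ipify.org/ 200",
    "2021-06-01T11:02:20Z fw action=allow src=10.0.4.17 dst=184.95.51.183 dport=443 proto=tcp",
    "2021-06-01T11:02:21Z fw action=allow src=10.0.4.17 dst=184.95.51.200 dport=443 proto=tcp",
    "2021-06-01T11:02:22Z fw action=allow src=10.0.4.17 dst=192.210.198.12 dport=80 proto=tcp",
]


def run():
    """Scan the constructed log with the report's IOCs."""
    return scan_log(SAMPLE_LOG,
                    smokeloader_hosts(SMOKELOADER_C2_URLS),
                    danabot_endpoints(DANABOT_C2))


if __name__ == "__main__":
    for n, fam, ioc in run():
        print(f"line {n}: {fam} C2 contact {ioc}")
```

Against the constructed log this reports lines 1, 2 and 4 only. The DanaBot match is on the exact ip:port pair from the config; if you would rather alert on any traffic to those addresses, compare only the IP and treat the result as lower confidence, since the same hosting ranges are shared with unrelated tenants.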
Targets

Target: BB67A245F1B9A49C4BF41DADFC8ACE6E.exe (3.4MB; MD5/SHA1/SHA256/SHA512 as listed under General)

Signatures:
- Glupteba Payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.