Overview

overview

10

Static

static

98D129283F...76.exe

windows11_x64

10

Resubmissions

13-08-2021 21:02

210813-bjmap25x1e 10

13-08-2021 19:12

210813-3r982d31g6 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    98D129283FCCF504ADB59F2FF02BDF76.exe

  • Size

    3.3MB

  • Sample

    210813-bjmap25x1e

  • MD5

    98d129283fccf504adb59f2ff02bdf76

  • SHA1

    8113b09b48cda4b933b7621915ede9ec80b4438b

  • SHA256

    6e19816cb41452f85a6f40216c40140066ea8bc999d81e378dd3b5daefd26347

  • SHA512

    d973ae7652aaaad55f7eadca5a640047aeeb9761995f4096e6fa7d92dc09899f9ce8e593d540b83b6471a69f015d1d81eafa94a8e8edf2b5be5bccba1c31d9d2

Score
10/10
raccoonredlinesmokeloadersocelarsvidaraspackv2backdoorinfostealerstealersuricatatrojanvmprotect

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://readinglistforjuly1.xyz/

http://readinglistforjuly2.xyz/

http://readinglistforjuly3.xyz/

http://readinglistforjuly4.xyz/

http://readinglistforjuly5.xyz/

http://readinglistforjuly6.xyz/

http://readinglistforjuly7.xyz/

http://readinglistforjuly8.xyz/

http://readinglistforjuly9.xyz/

http://readinglistforjuly10.xyz/

http://readinglistforjuly1.site/

http://readinglistforjuly2.site/

http://readinglistforjuly3.site/

http://readinglistforjuly4.site/

http://readinglistforjuly5.site/

http://readinglistforjuly6.site/

http://readinglistforjuly7.site/

http://readinglistforjuly8.site/

http://readinglistforjuly9.site/

http://readinglistforjuly10.site/
rc4.i32
rc4.i32

Targets

    • Target

      98D129283FCCF504ADB59F2FF02BDF76.exe

    • Size

      3.3MB

    • MD5

      98d129283fccf504adb59f2ff02bdf76

    • SHA1

      8113b09b48cda4b933b7621915ede9ec80b4438b

    • SHA256

      6e19816cb41452f85a6f40216c40140066ea8bc999d81e378dd3b5daefd26347

    • SHA512

      d973ae7652aaaad55f7eadca5a640047aeeb9761995f4096e6fa7d92dc09899f9ce8e593d540b83b6471a69f015d1d81eafa94a8e8edf2b5be5bccba1c31d9d2

    Score
    10/10
    raccoonredlinesmokeloadersocelarsvidaraspackv2backdoorinfostealerstealersuricatatrojanvmprotect

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

      stealersocelars

    • Socelars Payload

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)

      suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)

      suricata

    • suricata: ET MALWARE Sharik/Smoke CnC Beacon 11

      suricata: ET MALWARE Sharik/Smoke CnC Beacon 11

      suricata

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata

    • Vidar Stealer

      stealer

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Downloads MZ/PE file

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks