General
-
Target
677522504448bf38829bf36ac5f7bec74725370cb77539ce7bb9578da6f5182a
-
Size
222KB
-
Sample
211012-zqra6sdadj
-
MD5
d4c1b28a379541f4863d88626a222b1d
-
SHA1
8ff062a14bc961f8157eb418e5f761a964a4bff5
-
SHA256
677522504448bf38829bf36ac5f7bec74725370cb77539ce7bb9578da6f5182a
-
SHA512
f96e499098380994b1da9e1d3a77a4e3544ad6c8151b7563862265d0df70ea30c8ba954bebf91c8739e3142f9136aef3f71a34eef11e997092b0a2811f829759
Malware Config
Extracted
smokeloader
2020
http://linavanandr11.club/
http://iselaharty12.club/
http://giovaninardo13.club/
http://zayneliann14.club/
http://zorinosali15.club/
Extracted
raccoon
1.8.2
27d80aa27e80cd2ef63c638e2752e24242d1b37c
-
url4cnc
http://telemirror.top/ararius809b
http://tgmirror.top/ararius809b
http://telegatt.top/ararius809b
http://telegka.top/ararius809b
http://telegin.top/ararius809b
https://t.me/ararius809b
Extracted
raccoon
1.8.2
676b1a32c7d2ce2aba84e8823871900d67e00049
-
url4cnc
http://telemirror.top/kaba4ello
http://tgmirror.top/kaba4ello
http://telegatt.top/kaba4ello
http://telegka.top/kaba4ello
http://telegin.top/kaba4ello
https://t.me/kaba4ello
Extracted
redline
w1
109.234.34.165:12323
Extracted
redline
MegaProliv
93.115.20.139:28978
Extracted
raccoon
1.8.2
c8fdd015293e99dac71bc0cfc194d3ce612abf3e
-
url4cnc
http://telemirror.top/rocketmanthem2
http://tgmirror.top/rocketmanthem2
http://telegatt.top/rocketmanthem2
http://telegka.top/rocketmanthem2
http://telegin.top/rocketmanthem2
https://t.me/rocketmanthem2
Extracted
raccoon
1.8.2
8d179b9e611eee525425544ee8c6d77360ab7cd9
-
url4cnc
http://teletop.top/agrybirdsgamerept
http://teleta.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept
Targets
-
-
Target
677522504448bf38829bf36ac5f7bec74725370cb77539ce7bb9578da6f5182a
-
Size
222KB
-
MD5
d4c1b28a379541f4863d88626a222b1d
-
SHA1
8ff062a14bc961f8157eb418e5f761a964a4bff5
-
SHA256
677522504448bf38829bf36ac5f7bec74725370cb77539ce7bb9578da6f5182a
-
SHA512
f96e499098380994b1da9e1d3a77a4e3544ad6c8151b7563862265d0df70ea30c8ba954bebf91c8739e3142f9136aef3f71a34eef11e997092b0a2811f829759
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
ServHelper
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies RDP port number used by Windows
-
Sets DLL path for service in the registry
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-