General
Target: Password_is_7364857387___Avast-AntiTrack.zip
Size: 4.3MB
Sample: 211024-axdwzsdefk
MD5: c2a41a6697e268277d11fb2ecba945d6
SHA1: 62884f5306332033357140c2c8ad30b5aec62fe5
SHA256: b284db1c18a1de3f8d030f52675d176afe2fd06551ece07a8d14f6a244bafc4f
SHA512: 43889e94777d2d786edb368546d75292974ce740f9ec909ba3ec917777f473dc173004dab45a9a58c0dfce76932b264524c81c200a1c22eb6ce37d372bf896ab
Static task: static1
Behavioral task: behavioral1
Sample: setup_x86_x64_install.exe
Resource: win7-en-20210920
Malware Config
Extracted
smokeloader
2020
Extracted
redline
ChrisNEW
194.104.136.5:46013
Extracted
vidar
41.5
933
https://mas.to/@xeroxxx
profile_id: 933
Targets
Target: setup_x86_x64_install.exe
Size: 4.3MB
MD5: 3583e4e386507445e91a43c1adac72ac
SHA1: 63867bf042e757997708cb0112d721333c71474f
SHA256: 4948d7cf0a5a4c64a09f565d0f757225d332cf89ad8dc854c008240524bd549b
SHA512: 42d95a1d91a556eff93f2c21354e4d7ada40ba2fbe509ffd139323464d79cbae4ddc1254ce85d2a5c7666585b0f6816a102e4ad616e387630aee1100c815ac5a
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Socelars Payload
- suricata: ET MALWARE GCleaner Downloader Activity M5
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
- suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.