General
-
Target
0c234eb09ebee0e484dca3d0f6bf3072843b89527ecd6cfa4680eb27f0b8f032
-
Size
213KB
-
Sample
211026-npfbqshcd6
-
MD5
f50e748b30a91dd671d0c6fc2f8e8681
-
SHA1
67cee6fffd5e2ab09ed92f490b2f991902ce3c85
-
SHA256
0c234eb09ebee0e484dca3d0f6bf3072843b89527ecd6cfa4680eb27f0b8f032
-
SHA512
f081143710eef0ae705a7b145a46e0e08cbde32db587a8485b3867d0dcc17fb2378ee49ab35198072018a02ac384ce9b9532c2c944bbcbcbd38aae79a55f9f8a
Malware Config
Extracted
smokeloader
2020
http://brandyjaggers.com/upload/
http://andbal.com/upload/
http://alotofquotes.com/upload/
http://szpnc.cn/upload/
http://uggeboots.com/upload/
http://100klv.com/upload/
http://rapmusic.at/upload/
Extracted
raccoon
187e8d46623768b376fedb48580157fafedb4942
-
url4cnc
http://telegin.top/frombobu98s
http://ttmirror.top/frombobu98s
http://teletele.top/frombobu98s
http://telegalive.top/frombobu98s
http://toptelete.top/frombobu98s
http://telegraf.top/frombobu98s
https://t.me/frombobu98s
Targets
-
-
Target
0c234eb09ebee0e484dca3d0f6bf3072843b89527ecd6cfa4680eb27f0b8f032
-
Size
213KB
-
MD5
f50e748b30a91dd671d0c6fc2f8e8681
-
SHA1
67cee6fffd5e2ab09ed92f490b2f991902ce3c85
-
SHA256
0c234eb09ebee0e484dca3d0f6bf3072843b89527ecd6cfa4680eb27f0b8f032
-
SHA512
f081143710eef0ae705a7b145a46e0e08cbde32db587a8485b3867d0dcc17fb2378ee49ab35198072018a02ac384ce9b9532c2c944bbcbcbd38aae79a55f9f8a
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Drops startup file
-