General
-
Target
9e67104adeb57988cc9c495a21983e88b4d6967786d49f584a8e824fee8aacb1
-
Size
318KB
-
Sample
211207-a6ff6sadg6
-
MD5
cc73917de2123e14ca3be379e9eac3f8
-
SHA1
2bc2ae34f60cb49b27e304a4054994cd50618e80
-
SHA256
9e67104adeb57988cc9c495a21983e88b4d6967786d49f584a8e824fee8aacb1
-
SHA512
927e500abeb1fe582f3ea58a04d3415ce75f7e0253f959557dd057996684a98652e900e40eeb1d883267769311e66d86f4010a078e275089655857abb3d26558
Malware Config
Extracted
smokeloader
2020
http://rcacademy.at/upload/
http://e-lanpengeonline.com/upload/
http://vjcmvz.cn/upload/
http://galala.ru/upload/
http://witra.ru/upload/
Extracted
redline
195.133.47.114:38627
Extracted
raccoon
1.8.3-hotfix
a265248b3381a96b9544405f000f9ebe9ef2475e
-
url4cnc
http://91.219.236.27/opussenseus1
http://94.158.245.167/opussenseus1
http://185.163.204.216/opussenseus1
http://185.225.19.238/opussenseus1
http://185.163.204.218/opussenseus1
https://t.me/opussenseus1
Targets
-
-
Target
9e67104adeb57988cc9c495a21983e88b4d6967786d49f584a8e824fee8aacb1
-
Size
318KB
-
MD5
cc73917de2123e14ca3be379e9eac3f8
-
SHA1
2bc2ae34f60cb49b27e304a4054994cd50618e80
-
SHA256
9e67104adeb57988cc9c495a21983e88b4d6967786d49f584a8e824fee8aacb1
-
SHA512
927e500abeb1fe582f3ea58a04d3415ce75f7e0253f959557dd057996684a98652e900e40eeb1d883267769311e66d86f4010a078e275089655857abb3d26558
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-