General
-
Target
69f3a70a7903f71bcf0d6ed3daaea72c2c0e9c4243750f10ffbb870cb57b05d6
-
Size
319KB
-
Sample
211207-tca45seab9
-
MD5
0d27d4a937d39f29767655a0fb3388cf
-
SHA1
e951e11b7a8a529916723a58e96c8ce3954f8b42
-
SHA256
69f3a70a7903f71bcf0d6ed3daaea72c2c0e9c4243750f10ffbb870cb57b05d6
-
SHA512
b53f3a42c51a4a36b5bbce7a1661115597eff7dc7d4862fcc71abef1091ac87fe0de947bce1236a9ee846ef33e44c47b048b7912acf662d82c3b54700d756ba4
Malware Config
Extracted
smokeloader
2020
http://rcacademy.at/upload/
http://e-lanpengeonline.com/upload/
http://vjcmvz.cn/upload/
http://galala.ru/upload/
http://witra.ru/upload/
Extracted
redline
195.133.47.114:38627
Extracted
icedid
3439131404
grendafolz.com
Extracted
systembc
185.209.30.180:4001
Targets
-
-
Target
69f3a70a7903f71bcf0d6ed3daaea72c2c0e9c4243750f10ffbb870cb57b05d6
-
Size
319KB
-
MD5
0d27d4a937d39f29767655a0fb3388cf
-
SHA1
e951e11b7a8a529916723a58e96c8ce3954f8b42
-
SHA256
69f3a70a7903f71bcf0d6ed3daaea72c2c0e9c4243750f10ffbb870cb57b05d6
-
SHA512
b53f3a42c51a4a36b5bbce7a1661115597eff7dc7d4862fcc71abef1091ac87fe0de947bce1236a9ee846ef33e44c47b048b7912acf662d82c3b54700d756ba4
Score10/10-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-