c404d536689d4aae9855077a70370115dfb217d9c31ddd401029318dea33d10c

General
Target

c404d536689d4aae9855077a70370115dfb217d9c31ddd401029318dea33d10c

Size

291KB

Sample

211224-p8bckaebe9

Score
10 /10
MD5

0e3ef0c72f7380b2ee49f99491e9cee8

SHA1

a9fbfc6e8b5a61c01a58a909727912b2f6a64259

SHA256

c404d536689d4aae9855077a70370115dfb217d9c31ddd401029318dea33d10c

SHA512

8de48c221004fca6a08efb44203bd69d1bc33648362273bedcf76144f660dfdf73217880b357e53ac346e2043fba35616597e66c1c927b09e23ede2c63ec044c

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32
rc4.i32

Extracted

Family amadey
Version 2.86
C2

2.56.56.210/notAnoob/index.php

Targets
Target

c404d536689d4aae9855077a70370115dfb217d9c31ddd401029318dea33d10c

MD5

0e3ef0c72f7380b2ee49f99491e9cee8

Filesize

291KB

Score
10/10
SHA1

a9fbfc6e8b5a61c01a58a909727912b2f6a64259

SHA256

c404d536689d4aae9855077a70370115dfb217d9c31ddd401029318dea33d10c

SHA512

8de48c221004fca6a08efb44203bd69d1bc33648362273bedcf76144f660dfdf73217880b357e53ac346e2043fba35616597e66c1c927b09e23ede2c63ec044c

Tags

Signatures

  • Amadey

    Description

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    Tags

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation