1ab9781583d3109710ed4be779923b6439a241024403f99d928e4b54d255432c

General
Target

1ab9781583d3109710ed4be779923b6439a241024403f99d928e4b54d255432c

Size

292KB

Sample

211224-qsewgsecb5

Score
10 /10
MD5

d031b19ea54481dbc233f530bf819860

SHA1

e73264178b73105f1bd5d2339902e49f86d01691

SHA256

1ab9781583d3109710ed4be779923b6439a241024403f99d928e4b54d255432c

SHA512

8118aa5a207a923ca41bfaa298082c4938a5f3eb86f2bb8ffd553cac453a417e6538fa25b37d2daee2f23a33d10194ae5d0fa581fff751e4a2d4e198c037aabc

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/
rc4.i32
rc4.i32

Extracted

Family amadey
Version 2.86
C2

2.56.56.210/notAnoob/index.php
Targets
Target

1ab9781583d3109710ed4be779923b6439a241024403f99d928e4b54d255432c

MD5

d031b19ea54481dbc233f530bf819860

Filesize

292KB

Score
10/10
SHA1

e73264178b73105f1bd5d2339902e49f86d01691

SHA256

1ab9781583d3109710ed4be779923b6439a241024403f99d928e4b54d255432c

SHA512

8118aa5a207a923ca41bfaa298082c4938a5f3eb86f2bb8ffd553cac453a417e6538fa25b37d2daee2f23a33d10194ae5d0fa581fff751e4a2d4e198c037aabc

Tags

Signatures

  • Amadey

    Description

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    Tags

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association

  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
    Discovery
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
              Privilege Escalation