1ab9781583d3109710ed4be779923b6439a241024403f99d928e4b54d255432c

General
Target

1ab9781583d3109710ed4be779923b6439a241024403f99d928e4b54d255432c

Size

292KB

Sample

211224-qsewgsecb5

Score
10 /10
MD5

d031b19ea54481dbc233f530bf819860

SHA1

e73264178b73105f1bd5d2339902e49f86d01691

SHA256

1ab9781583d3109710ed4be779923b6439a241024403f99d928e4b54d255432c

SHA512

8118aa5a207a923ca41bfaa298082c4938a5f3eb86f2bb8ffd553cac453a417e6538fa25b37d2daee2f23a33d10194ae5d0fa581fff751e4a2d4e198c037aabc

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32
rc4.i32

Extracted

Family amadey
Version 2.86
C2

2.56.56.210/notAnoob/index.php

Targets
Target

1ab9781583d3109710ed4be779923b6439a241024403f99d928e4b54d255432c

MD5

d031b19ea54481dbc233f530bf819860

Filesize

292KB

Score
10/10
SHA1

e73264178b73105f1bd5d2339902e49f86d01691

SHA256

1ab9781583d3109710ed4be779923b6439a241024403f99d928e4b54d255432c

SHA512

8118aa5a207a923ca41bfaa298082c4938a5f3eb86f2bb8ffd553cac453a417e6538fa25b37d2daee2f23a33d10194ae5d0fa581fff751e4a2d4e198c037aabc

Tags

Signatures

  • Amadey

    Description

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    Tags

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation