General

  • Target

    ad88a89c2eb9df00ed86ea84348fbd8d5ec0af5c3587b68102334d3eb7581ad0

  • Size

    292KB

  • Sample

    211224-rsdh4aedd8

  • MD5

    f42ff04ea5d33e085c1b2325e2c28a3b

  • SHA1

    57d63b9e6cc4a94dad314d7a5640200eeb3c930c

  • SHA256

    ad88a89c2eb9df00ed86ea84348fbd8d5ec0af5c3587b68102334d3eb7581ad0

  • SHA512

    f13e9482bdfd04ab603ef8a0ecc4a777b620978556107bdae218d17691f9370ed7e0879488da83f7fcd098180116da6efe2023c6a3ff8a891baea95b6d73f75a

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32
rc4.i32

Extracted

Family

amadey

Version

2.86

C2

2.56.56.210/notAnoob/index.php

Targets

    • Target

      ad88a89c2eb9df00ed86ea84348fbd8d5ec0af5c3587b68102334d3eb7581ad0

    • Size

      292KB

    • MD5

      f42ff04ea5d33e085c1b2325e2c28a3b

    • SHA1

      57d63b9e6cc4a94dad314d7a5640200eeb3c930c

    • SHA256

      ad88a89c2eb9df00ed86ea84348fbd8d5ec0af5c3587b68102334d3eb7581ad0

    • SHA512

      f13e9482bdfd04ab603ef8a0ecc4a777b620978556107bdae218d17691f9370ed7e0879488da83f7fcd098180116da6efe2023c6a3ff8a891baea95b6d73f75a

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Change Default File Association

1
T1042

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Collection

Data from Local System

1
T1005

Tasks