General
Target

ad88a89c2eb9df00ed86ea84348fbd8d5ec0af5c3587b68102334d3eb7581ad0

Size

292KB

Sample

211224-rsdh4aedd8

Score
10/10
MD5

f42ff04ea5d33e085c1b2325e2c28a3b

SHA1

57d63b9e6cc4a94dad314d7a5640200eeb3c930c

SHA256

ad88a89c2eb9df00ed86ea84348fbd8d5ec0af5c3587b68102334d3eb7581ad0

SHA512

f13e9482bdfd04ab603ef8a0ecc4a777b620978556107bdae218d17691f9370ed7e0879488da83f7fcd098180116da6efe2023c6a3ff8a891baea95b6d73f75a

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32
rc4.i32

Extracted

Family

amadey

Version

2.86

C2

2.56.56.210/notAnoob/index.php

Targets
Target

ad88a89c2eb9df00ed86ea84348fbd8d5ec0af5c3587b68102334d3eb7581ad0

MD5

f42ff04ea5d33e085c1b2325e2c28a3b

Filesize

292KB

Score
10/10
SHA1

57d63b9e6cc4a94dad314d7a5640200eeb3c930c

SHA256

ad88a89c2eb9df00ed86ea84348fbd8d5ec0af5c3587b68102334d3eb7581ad0

SHA512

f13e9482bdfd04ab603ef8a0ecc4a777b620978556107bdae218d17691f9370ed7e0879488da83f7fcd098180116da6efe2023c6a3ff8a891baea95b6d73f75a

Tags

Signatures

  • Amadey

    Description

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    Tags

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks

                static1

                Score
                N/A