92f4947a55cb2be277eaddbf19961d1d740ec923e3ad092c04022a509882c904

General
Target

92f4947a55cb2be277eaddbf19961d1d740ec923e3ad092c04022a509882c904

Size

292KB

Sample

211224-s2rbzseef3

Score
10 /10
MD5

c510cd7a298c2a8b3776f6d4c6e9bfb4

SHA1

90a41745ceb34199a6ef116c380ff1125930db28

SHA256

92f4947a55cb2be277eaddbf19961d1d740ec923e3ad092c04022a509882c904

SHA512

c60ebee8d575202a304ca07f86ec5c6ffe3d7222cac097f19708c0f1500caa7126245e0293a183f042f06e95f66dd52bec2116fee0a84100f4f6225d4a8c1fb5

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32
rc4.i32

Extracted

Family amadey
Version 2.86
C2

2.56.56.210/notAnoob/index.php

Targets
Target

92f4947a55cb2be277eaddbf19961d1d740ec923e3ad092c04022a509882c904

MD5

c510cd7a298c2a8b3776f6d4c6e9bfb4

Filesize

292KB

Score
10/10
SHA1

90a41745ceb34199a6ef116c380ff1125930db28

SHA256

92f4947a55cb2be277eaddbf19961d1d740ec923e3ad092c04022a509882c904

SHA512

c60ebee8d575202a304ca07f86ec5c6ffe3d7222cac097f19708c0f1500caa7126245e0293a183f042f06e95f66dd52bec2116fee0a84100f4f6225d4a8c1fb5

Tags

Signatures

  • Amadey

    Description

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    Tags

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation