4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0

General
Target

4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0

Size

291KB

Sample

211224-skhnhsddbl

Score
10 /10
MD5

872b04e80be0331efa9ac74df5c45e62

SHA1

8bcd6911de6ee70a57d42f365d43fd4a22d65ee0

SHA256

4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0

SHA512

1867aaf71f585f9fc78b5363ec379ca03fba646e5f647fa9335b4897ad8e3e13bd0fa83617e8fb8a63871b55c359094d3326e90b7d321d6e8b1123e472cb4219

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32
rc4.i32

Extracted

Family amadey
Version 2.86
C2

2.56.56.210/notAnoob/index.php

Targets
Target

4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0

MD5

872b04e80be0331efa9ac74df5c45e62

Filesize

291KB

Score
10/10
SHA1

8bcd6911de6ee70a57d42f365d43fd4a22d65ee0

SHA256

4161b47ee520541835f5b43c966202df398b7ff882b6959d4ec4210cb638bce0

SHA512

1867aaf71f585f9fc78b5363ec379ca03fba646e5f647fa9335b4897ad8e3e13bd0fa83617e8fb8a63871b55c359094d3326e90b7d321d6e8b1123e472cb4219

Tags

Signatures

  • Amadey

    Description

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    Tags

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

    Tags

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Description

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation