fbd74982061c5b8a51bb7513c681b9ef6a89d163fa9d451191899d10d15ceab8

General
Target

fbd74982061c5b8a51bb7513c681b9ef6a89d163fa9d451191899d10d15ceab8

Size

292KB

Sample

211224-teb48aeeh8

Score
10 /10
MD5

10faa416691892159990764fbb680344

SHA1

a48fa141a23829a4799e8fc5a2685df5192c6897

SHA256

fbd74982061c5b8a51bb7513c681b9ef6a89d163fa9d451191899d10d15ceab8

SHA512

cdaffcca120448607453dccb4de40c5446c1167b18c5a3763faa322dfabeafa36e4d0a7f898c2850fc8a3ceb201711624a9727a6a71cdfe996db49d31a150313

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32
rc4.i32

Extracted

Family amadey
Version 2.86
C2

2.56.56.210/notAnoob/index.php

Targets
Target

fbd74982061c5b8a51bb7513c681b9ef6a89d163fa9d451191899d10d15ceab8

MD5

10faa416691892159990764fbb680344

Filesize

292KB

Score
10/10
SHA1

a48fa141a23829a4799e8fc5a2685df5192c6897

SHA256

fbd74982061c5b8a51bb7513c681b9ef6a89d163fa9d451191899d10d15ceab8

SHA512

cdaffcca120448607453dccb4de40c5446c1167b18c5a3763faa322dfabeafa36e4d0a7f898c2850fc8a3ceb201711624a9727a6a71cdfe996db49d31a150313

Tags

Signatures

  • Amadey

    Description

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    Tags

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation