Description
A tiny loader that uses IPLogger to get its payload.
http://zcracked.com
220127-wtymwaggfj
Family | socelars
C2 | http://www.anquyebt.com/

Family | smokeloader
Version | 2020
C2 |
  http://abpa.at/upload/
  http://emaratghajari.com/upload/
  http://d7qw.cn/upload/
  http://alumik-group.ru/upload/
  http://zamkikurgan.ru/upload/
  http://host-data-coin-11.com/
  http://file-coin-host-12.com/
rc4.i32 | (four key entries; values not present in this extract)

Family | redline
Botnet | 20kProfessor2
C2 | 157.90.17.156:56409
This typically indicates the parent process was compromised via an exploit or macro.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
SmokeLoader is a modular backdoor trojan in use since 2014.
Socelars is an infostealer targeting browser cookies and credit card credentials.
suricata: ET MALWARE ClipBanker Variant Activity (POST)
suricata: ET MALWARE Fake Software Download Redirect Leading to Malware M3
suricata: ET MALWARE GCleaner Downloader Activity M5
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Detects executables packed with ASPack v2.12-2.42
Looks up country code configured in the registry, likely geofence.
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Uses a legitimate IP lookup service to find the infected system's external IP.
Uses a legitimate geolocation service to find the infected system's geolocation info.