General

  • Target

    3ab4f041abd53fecc70c291ad0793bd4444f46737f11e1cc2ac299b4a7cb3530

  • Size

    202KB

  • Sample

    230508-3l1wlafb2z

  • MD5

    9c994081087ba08cadce7d8d323b6bdc

  • SHA1

    6716c941e677457ef74d9d895bd771e4a89c4295

  • SHA256

    3ab4f041abd53fecc70c291ad0793bd4444f46737f11e1cc2ac299b4a7cb3530

  • SHA512

    7e50a65c7e8940d08d854ff9e7e2e214ea092db3c5afebf7d22ab34a208090b2de912f6cd44e9eae3d156724f0975f8ce2315b66303b67ad1da6ae925e7206c3

  • SSDEEP

    3072:iGxsJceBg6dWpRGqC7q2P98K+1buhTJwB0cnqC5rRNGlGRl:9CB1gCOM91Hh96BRN

Malware Config

Extracted

Family

smokeloader

Botnet

sel4

Extracted

Family

smokeloader

Version

2022

C2

http://seodatastats.xyz/cms/

rc4.i32
rc4.i32

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.1

Botnet

Default

C2

127.0.0.1:4449

127.0.0.1:44490

127.0.0.1:0

74.119.194.180:4449

74.119.194.180:44490

74.119.194.180:0

Mutex

juhudhmhdgvnbk

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain
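The AsyncRAT block above lists six C2 entries, but they are the cross product of the configured host list (127.0.0.1, 74.119.194.180) and port list (4449, 44490, 0): only the routable host on a non-zero port is a real rendezvous point, and the loopback and port-0 combinations are artefacts of how the sample's config is laid out. The following script is an added example, not part of the sandbox report or of any tool it names; it embeds the three Extracted blocks as a constructed sample, parses them, and keeps only the indicators a defender can act on (public IP:port sockets and URL-form C2s), leaving the rc4.i32 and aes.plain keys whose values the report elides as empty fields. The field names are the report's own; the block layout the parser assumes, and the function names, are assumptions made here.

```python
"""Added example: reduce the sandbox's extracted configs to usable IOCs."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: the three Extracted blocks as they appear in the report.
REPORT = """
Extracted
Family
smokeloader
Botnet
sel4

Extracted
Family
smokeloader
Version
2022
C2
http://seodatastats.xyz/cms/
rc4.i32
rc4.i32

Extracted
Family
asyncrat
Version
Venom RAT + HVNC + Stealer + Grabber v6.0.1
Botnet
Default
C2
127.0.0.1:4449
127.0.0.1:44490
127.0.0.1:0
74.119.194.180:4449
74.119.194.180:44490
74.119.194.180:0
Mutex
juhudhmhdgvnbk
aes.plain
"""

FIELDS = {"Family", "Version", "Botnet", "C2", "Mutex"}
ELIDED = {"rc4.i32", "aes.plain"}  # key names whose values the report does not show
HOSTPORT = re.compile(r"^(?P<host>[^:/\s]+):(?P<port>\d{1,5})$")


def parse_blocks(text):
    """Split the report into 'Extracted' blocks: list of {field: [values]}."""
    blocks, current, field = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Extracted":
            current, field = {}, None
            blocks.append(current)
        elif current is None:
            continue  # text before the first block
        elif line in FIELDS or line in ELIDED:
            field = line
            current.setdefault(field, [])
        elif field is not None:
            current[field].append(line)
    return blocks


def dedupe(items):
    seen, out = set(), []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def usable_c2(entries):
    """Keep URL C2s and routable host:port sockets; drop placeholder slots."""
    good = []
    for entry in entries:
        if "://" in entry:
            u = urlparse(entry)
            if u.hostname:
                port = u.port or (443 if u.scheme == "https" else 80)
                good.append(("url", u.hostname, port, u.path))
            continue
        m = HOSTPORT.match(entry)
        if not m:
            continue
        host, port = m.group("host"), int(m.group("port"))
        if port == 0 or port > 65535:
            continue  # port 0 is never a listening endpoint
        try:
            if not ipaddress.ip_address(host).is_global:
                continue  # loopback / private / reserved: not a real C2
        except ValueError:
            pass  # a hostname, keep it
        good.append(("socket", host, port, ""))
    return dedupe(good)


def extract_iocs(text):
    """One record per Extracted block with the actionable C2 list."""
    first = lambda b, k: (b.get(k) or [""])[0]
    return [
        {
            "family": first(b, "Family"),
            "version": first(b, "Version"),
            "botnet": first(b, "Botnet"),
            "mutex": first(b, "Mutex"),
            "c2": usable_c2(b.get("C2", [])),
        }
        for b in parse_blocks(text)
    ]


if __name__ == "__main__":
    for rec in extract_iocs(REPORT):
        print(rec["family"], rec["botnet"], rec["mutex"], rec["c2"])
```

Run against the constructed report the script yields one URL indicator for the SmokeLoader C2 (seodatastats.xyz, port 80, path /cms/) and two socket indicators for AsyncRAT (74.119.194.180 on 4449 and 44490), plus the mutex, which is the host-side artefact worth a process or handle check.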

Targets

    • Target

      3ab4f041abd53fecc70c291ad0793bd4444f46737f11e1cc2ac299b4a7cb3530

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Async RAT payload

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks