General

  • Target

    e77ed2ef75e8208468b772299f382a532c8ffb0894344ab80e5db06a7b2011c2

  • Size

    219KB

  • Sample

    230508-3qf2zsfb8y

  • MD5

    232eb29fb13a6d159dcea45a5d94310c

  • SHA1

    4aaa800dc6786f9f946bbf42f2640a34d4557d47

  • SHA256

    e77ed2ef75e8208468b772299f382a532c8ffb0894344ab80e5db06a7b2011c2

  • SHA512

    b28ae61535f4cb3afea32181f110d45f75e735d896d89bf65a4140e3ce377b2118805ae9b81591b04988c884c98e6112000b1a5906fe6450743599a6e4fb29c1

  • SSDEEP

    3072:8SB3p7rIN9o5UNpNNq3zI79zh+VBCIr5PYC3NLr:FB+YUNqjIpzh+HYs

Malware Config

Extracted

Family

smokeloader

Botnet

sel4

Extracted

Family

smokeloader

Version

2022

C2

http://seodatastats.xyz/cms/

rc4.i32
rc4.i32

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.1

Botnet

Default

C2

127.0.0.1:4449

127.0.0.1:44490

127.0.0.1:0

74.119.194.180:4449

74.119.194.180:44490

74.119.194.180:0

Mutex

juhudhmhdgvnbk

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      e77ed2ef75e8208468b772299f382a532c8ffb0894344ab80e5db06a7b2011c2

    • Size

      219KB


    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Async RAT payload

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks