General

Static task: static1
URLScan task: urlscan1
Malware Config

Extracted
Family: amadey
Version: 3.83
C2: 45.9.74.80/0bjdn2Z/index.php

Extracted
Family: smokeloader
Botnet: pub5

Extracted
Family: smokeloader
Version: 2022
C2:
http://aapu.at/tmp/
http://poudineh.com/tmp/
http://firsttrusteedrx.ru/tmp/
http://kingpirate.ru/tmp/
rc4.i32
rc4.i32

Extracted
Family: smokeloader
Botnet: up3

Extracted
Family: gcleaner
C2:
45.12.253.56
45.12.253.72
45.12.253.98
45.12.253.75

Extracted
Family: smokeloader
Version: 2020
C2:
http://host-file-host6.com/
http://host-host-file8.com/
rc4.i32
rc4.i32
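The config listing above is what an analyst usually wants to turn into a blocklist or case note, so here is an added example (my own code, not part of the sandbox report) that parses the flat "Extracted / Family / C2 / ..." listing into one record per extracted config, separates IP-based C2 hosts from domain-based ones, and defangs them for sharing. It assumes the one-value-per-line layout shown above; the embedded text is a constructed copy of that section, and the rc4.i32 key values are left empty because the page does not show them.

```python
import re
from ipaddress import ip_address

# Constructed copy of the report's "Malware Config" section, one value per line
# as the sandbox prints it. rc4.i32 values are not shown on the page, so none here.
REPORT_CONFIG = """\
Extracted
Family
amadey
Version
3.83
C2
45.9.74.80/0bjdn2Z/index.php
Extracted
Family
smokeloader
Botnet
pub5
Extracted
Family
smokeloader
Version
2022
C2
http://aapu.at/tmp/
http://poudineh.com/tmp/
http://firsttrusteedrx.ru/tmp/
http://kingpirate.ru/tmp/
rc4.i32
rc4.i32
Extracted
Family
smokeloader
Botnet
up3
Extracted
Family
gcleaner
C2
45.12.253.56
45.12.253.72
45.12.253.98
45.12.253.75
Extracted
Family
smokeloader
Version
2020
C2
http://host-file-host6.com/
http://host-host-file8.com/
rc4.i32
rc4.i32
"""

# Field names the report uses; any other line is a value of the preceding field.
KEYS = {"Family", "Version", "Botnet", "C2", "rc4.i32"}

def parse_configs(text):
    """Split the flat key/value listing into one dict per 'Extracted' block."""
    configs, current, key = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line == "Extracted":
            current, key = {}, None
            configs.append(current)
        elif current is not None and line in KEYS:
            key = line
            current.setdefault(key, [])  # a key with no value (rc4.i32) stays an empty list
        elif current is not None and key is not None:
            current[key].append(line)
    return configs

def collect_iocs(configs):
    """De-duplicated indicators by type; IP hosts are told apart from domains."""
    iocs = {"url": set(), "domain": set(), "ip": set()}
    for cfg in configs:
        for c2 in cfg.get("C2", []):
            iocs["url"].add(c2)
            # Scheme is optional (the Amadey C2 above has none); drop path and port.
            host = re.sub(r"^https?://", "", c2).split("/")[0].split(":")[0].lower()
            try:
                ip_address(host)
                iocs["ip"].add(host)
            except ValueError:
                iocs["domain"].add(host)
    return {k: sorted(v) for k, v in iocs.items()}

def defang(indicator):
    """Defang scheme and host so the indicator cannot be clicked or auto-linked."""
    scheme, host, rest = re.match(r"^(https?://)?([^/]+)(.*)$", indicator).groups()
    return (scheme or "").replace("http", "hxxp") + host.replace(".", "[.]") + rest

def families(configs):
    """Sorted 'family version-or-botnet' labels for tagging the sample."""
    labels = set()
    for cfg in configs:
        fam = cfg.get("Family", ["unknown"])[0]
        tag = (cfg.get("Version") or cfg.get("Botnet") or ["-"])[0]
        labels.add(f"{fam} {tag}")
    return sorted(labels)

if __name__ == "__main__":
    cfgs = parse_configs(REPORT_CONFIG)
    print("families:", ", ".join(families(cfgs)))
    for kind, values in collect_iocs(cfgs).items():
        for v in values:
            print(f"{kind:6} {defang(v)}")
```

Blocks that carry only a Botnet tag (pub5, up3) yield no network indicators, which is why the IOC set is built from the C2 field alone; the Amadey C2 is kept both as the raw URL and as a bare IP so that a firewall rule on 45.9.74.80 and a proxy rule on the full path can be derived from the same output.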
Targets

Target: http://45.9.74.80/obins.exe

Signatures:
- Detect Fabookie payload
- Glupteba payload
- Downloads MZ/PE file
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext