Overview

overview

10

Static

static

3

a.exe

windows10-2004-x64

10

Resubmissions

11-11-2023 08:23

231111-j96bfacf5s 10

08-11-2023 14:52

231108-r8x8facc5z 10

27-10-2023 03:52

231027-ee6lhabh8x 10

27-10-2023 03:51

231027-ee1p9abh8s 10

25-10-2023 10:35

231025-mm3htagf6y 10

23-10-2023 09:11

231023-k5l8fahc84 10

21-10-2023 11:53

231021-n2kf8aga32 10

21-10-2023 11:26

231021-njywwsfg64 10

20-10-2023 21:27

231020-1a8qysbe9t 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a.exe

  • Size

    5KB

  • Sample

    230626-f611rshe91

  • MD5

    800a6337b0b38274efe64875d15f70c5

  • SHA1

    6b0858c5f9a2e2b5980aac05749e3d6664a60870

  • SHA256

    76a7490d3f1b0685f60a417d1c9cf96927b473825a914221f092f82ea112b571

  • SHA512

    bf337140044a4674d69f7a2db30389e248593a99826c8731bc0a5ac71e46819eb539d8c7cbeab48108310359f5604e02e3bd64f17d9fdd380b574f329543645e

  • SSDEEP

    48:6O/tGt28lK9iqmcfaFXfkeLJhyPFlWa8tYb/INV/cpwOulavTqXSfbNtm:j/IUiqtaJkeqDUt5xcpmsvNzNt

Score
10/10
agentteslaamadeyfabookielgoogloaderquasarredlinesmokeloaderwarzoneratbuil1drakepub5backdoordownloaderevasioninfostealerkeyloggerratspywarestealertrojanupx

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://sungeomatics.com/css/colors/debug2.ps1

Extracted

Family

warzonerat

C2

179.43.162.58:5200

Extracted

Family

redline

Botnet

buil1

C2

77.246.105.2:36110

Attributes
  • auth_value

    71846fcfc9b13957c1f75bc1aac3a885

Extracted

Family

amadey

Version

3.84

C2

109.206.241.33/9bDc8sQ/index.php

Extracted

Family

redline

Botnet

drake

C2

83.97.73.131:19071

Attributes
  • auth_value

    74ce6ffe4025a2e4027fb727915e7d7c

Extracted

Family

amadey

Version

3.83

C2

45.9.74.80/0bjdn2Z/index.php

Extracted

Family

smokeloader

Botnet

pub5

Targets

    • Target

      a.exe

    • Size

      5KB

    • MD5

      800a6337b0b38274efe64875d15f70c5

    • SHA1

      6b0858c5f9a2e2b5980aac05749e3d6664a60870

    • SHA256

      76a7490d3f1b0685f60a417d1c9cf96927b473825a914221f092f82ea112b571

    • SHA512

      bf337140044a4674d69f7a2db30389e248593a99826c8731bc0a5ac71e46819eb539d8c7cbeab48108310359f5604e02e3bd64f17d9fdd380b574f329543645e

    • SSDEEP

      48:6O/tGt28lK9iqmcfaFXfkeLJhyPFlWa8tYb/INV/cpwOulavTqXSfbNtm:j/IUiqtaJkeqDUt5xcpmsvNzNt

    Score
    10/10
    agentteslaamadeyfabookielgoogloaderquasarredlinesmokeloaderwarzoneratbuil1drakepub5backdoordownloaderevasioninfostealerkeyloggerratspywarestealertrojanupx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Detect Fabookie payload

    • Detects LgoogLoader payload

    • Fabookie

      Fabookie is facebook account info stealer.

      spywarestealerfabookie

    • LgoogLoader

      A downloader capable of dropping and executing other malware families.

      downloaderlgoogloader

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks