Overview

overview

10

Static

static

10

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Resubmissions

04/07/2023, 00:09

230704-afj2nsae39 10

27/06/2023, 04:36

230627-e8fxyadh81 10

27/06/2023, 03:34

230627-d417msdg9x 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    90ccd84f28e4dd03fb70b8739c4636acbcf8a030404b5a24264afd1acd09ecbc

  • Size

    30KB

  • Sample

    230627-d417msdg9x

  • MD5

    35a15fad3767597b01a20d75c3c6889a

  • SHA1

    eef19e2757667578f73c4b5720cf94c2ab6e60c8

  • SHA256

    90ccd84f28e4dd03fb70b8739c4636acbcf8a030404b5a24264afd1acd09ecbc

  • SHA512

    c1ea2659e28130f00869391a33dfdc2a763a710a56de2acaa6c71caa9c1eb5809e7ca1dfa1620ac5c3174052d3e277b832853a137a4663483855295fdab23577

  • SSDEEP

    384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW

Score
10/10
amadeyredlinesmokeloadersmokebackdoordiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

smoke

C2

83.97.73.131:19071

Attributes
  • auth_value

    aaa47198b84c95fcce9397339e8af9d4

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Targets

    • Target

      90ccd84f28e4dd03fb70b8739c4636acbcf8a030404b5a24264afd1acd09ecbc

    • Size

      30KB

    • MD5

      35a15fad3767597b01a20d75c3c6889a

    • SHA1

      eef19e2757667578f73c4b5720cf94c2ab6e60c8

    • SHA256

      90ccd84f28e4dd03fb70b8739c4636acbcf8a030404b5a24264afd1acd09ecbc

    • SHA512

      c1ea2659e28130f00869391a33dfdc2a763a710a56de2acaa6c71caa9c1eb5809e7ca1dfa1620ac5c3174052d3e277b832853a137a4663483855295fdab23577

    • SSDEEP

      384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW

    Score
    10/10
    smokeloaderbackdoortrojanamadeyredlinesmokediscoveryevasioninfostealerpersistencespywarestealer

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks