Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Resubmissions

09-08-2023 18:08

230809-wqxw6sed96 10

11-01-2023 19:15

230111-xx8gxshh71 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    321KB

  • Sample

    230809-wqxw6sed96

  • MD5

    3a4d880059c9a5cc560a6492ef9dd374

  • SHA1

    fc94771824b10e6b49ded2d6813774515c53b21e

  • SHA256

    fd8d1e70b3e9c7188a151be315a9daaf94af8d8da9950899a88af5cf9886e968

  • SHA512

    f3999f1b3e11bb9838275171bc1f584cd7bc61e15ae1c93aec46623cc5597f9d428e637127b3bafb9bf93dcd50eb7e85953e7a96fd52d06597d25201d1cb241f

  • SSDEEP

    6144:H/fZ25NhJaRFAl2E83mNVilP3Zi5RadxFzC:fB25NB82/83ZiWd

Score
10/10
djvufabookiegluptebaredlinesmokeloaderlogsdiller cloud (tg: @logsdillabot)lux3up3backdoordiscoverydropperinfostealerloaderransomwarespywarestealertrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://potunulit.org/

http://hutnilior.net/

http://bulimu55t.net/

http://soryytlic4.net/

http://novanosa5org.org/

http://nuljjjnuli.org/

http://tolilolihul.net/

http://somatoka51hub.net/

http://hujukui3.net/

http://bukubuka1.net/

http://golilopaster.org/

http://newzelannd66.org/

http://otriluyttn.org/
rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

lux3

C2

176.123.9.142:14845

Attributes
  • auth_value

    e94dff9a76da90d6b000642c4a52574b

Extracted

Family

djvu

C2

http://zexeq.com/raud/get.php

http://zexeq.com/lancer/get.php
Attributes
  • extension

    .yyza

  • offline_id

    UcKp2U8xIAuhirf1rVzlXed6KBYXf0O1WXF2njt1

  • payload_url

    http://colisumy.com/dl/build2.exe

    http://zexeq.com/files/1/build3.exe

  • ransomnote

    ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-xZJtZ8PDb2 Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0758JOsie

rsa_pubkey.plain

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

209.250.248.11:33522

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/
rc4.i32
rc4.i32

Targets

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

File and Directory Permissions Modification

1
T1222

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks