General

  • Target

    0003a33e4c077a5fc2b492cca1540667323576b9c8c989a5bf2a5e00cd308a2d

  • Size

    181KB

  • Sample

    230913-cvjqkaha4v

  • MD5

    dcd631448adc3d05f881ef9dc6acd79b

  • SHA1

    cf8dbe03b183f141c5558c099c873feececeaa0f

  • SHA256

    0003a33e4c077a5fc2b492cca1540667323576b9c8c989a5bf2a5e00cd308a2d

  • SHA512

    9c7c6490213356b260feaf88eb126b313a305efe5a9a5f881a4d8ea9fe343824a4afb51103e11cfb1f8b5f62dad85271a89b73b53e9bc882a161d256c260bddd

  • SSDEEP

    3072:4hE00LOteJ2Zz0v/JO1UfcgACd6pSAJjU795GbyP9:AH0LOo4ZwXJOucgNA6iu

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://potunulit.org/
    http://hutnilior.net/
    http://bulimu55t.net/
    http://soryytlic4.net/
    http://novanosa5org.org/
    http://nuljjjnuli.org/
    http://tolilolihul.net/
    http://somatoka51hub.net/
    http://hujukui3.net/
    http://bukubuka1.net/
    http://golilopaster.org/
    http://newzelannd66.org/
    http://otriluyttn.org/

  • rc4.i32

  • rc4.i32

Extracted

  • Family

    redline

  • C2

    38.181.25.43:3325

  • Attributes

      • auth_value

        082cde17c5630749ecb0376734fe99c9

Extracted

  • Family

    redline

  • Botnet

    lux3

  • C2

    176.123.9.142:14845

  • Attributes

      • auth_value

        e94dff9a76da90d6b000642c4a52574b

Extracted

  • Family

    redline

  • Botnet

    smokiez_build

  • C2

    194.169.175.232:45450

  • Attributes

      • auth_value

        2e68bc276986767f0f14a3d75567abcd

Extracted

  • Family

    amadey

  • Version

    3.87

  • C2

    http://79.137.192.18/9bDc8sQ/index.php

  • Attributes

      • install_dir

        577f58beff

      • install_file

        yiueea.exe

      • strings_key

        a5085075a537f09dec81cc154ec0af4d

  • rc4.plain

Extracted

  • Family

    redline

  • Botnet

    LogsDiller Cloud (TG: @logsdillabot)

  • C2

    51.38.95.107:42494

  • Attributes

      • auth_value

        3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      0003a33e4c077a5fc2b492cca1540667323576b9c8c989a5bf2a5e00cd308a2d

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks