General
-
Target
f7b5d055b422bccb70721357e0787b3ac0cb05685ec50ca7cb5285778911eea5
-
Size
534KB
-
Sample
230922-ly4dtahc93
-
MD5
3d1a15109f8af2cb1d777017fdb3bb10
-
SHA1
28679b69e8c2932d3023a7a3469991f5033295d3
-
SHA256
f7b5d055b422bccb70721357e0787b3ac0cb05685ec50ca7cb5285778911eea5
-
SHA512
0a207924d8abcbe580738fbb46f23fca26bb8b9fac629b869e099dce4e4fd683b89d42a68c94f317faae7183f0c20e8a9c7de07da4391abb5c6656a71b8bcdc1
-
SSDEEP
6144:4+4UxvdjNgBoHFIZ0YesFZITJuUQnFyGY9fV:UQNg2FTJuUQnFJGV
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Extracted
smokeloader
up3
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Targets
-
-
Target
f7b5d055b422bccb70721357e0787b3ac0cb05685ec50ca7cb5285778911eea5
-
Size
534KB
-
MD5
3d1a15109f8af2cb1d777017fdb3bb10
-
SHA1
28679b69e8c2932d3023a7a3469991f5033295d3
-
SHA256
f7b5d055b422bccb70721357e0787b3ac0cb05685ec50ca7cb5285778911eea5
-
SHA512
0a207924d8abcbe580738fbb46f23fca26bb8b9fac629b869e099dce4e4fd683b89d42a68c94f317faae7183f0c20e8a9c7de07da4391abb5c6656a71b8bcdc1
-
SSDEEP
6144:4+4UxvdjNgBoHFIZ0YesFZITJuUQnFyGY9fV:UQNg2FTJuUQnFJGV
Score10/10-
Detect Fabookie payload
-
Fabookie
Fabookie is facebook account info stealer.
-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-