General
-
Target
de47e4ea08c1472b03673d2f85467854fdf7861d3007fee0748cb5c6924f8771
-
Size
239KB
-
Sample
230923-3zlc3aah61
-
MD5
ec85f63694f6c455542a038df9e1a9a3
-
SHA1
974c3c1e494a332abab90247663826f4b02b6d93
-
SHA256
de47e4ea08c1472b03673d2f85467854fdf7861d3007fee0748cb5c6924f8771
-
SHA512
236d52615acf82712a3634866413e5179943da48ff761a2841570436c22e2537dfb7ad4446742333783e9087536d50c2fbc8a65da85da0fc7c9e58bc21621a0a
-
SSDEEP
6144:ji46fuYXChoQTjlFgLuCY1dRuAOZoVA3w8y0:jnYzXChdTbv1bu0e3w8y
Static task
static1
Behavioral task
behavioral1
Sample
de47e4ea08c1472b03673d2f85467854fdf7861d3007fee0748cb5c6924f8771.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Targets
-
-
Target
de47e4ea08c1472b03673d2f85467854fdf7861d3007fee0748cb5c6924f8771
-
Size
239KB
-
MD5
ec85f63694f6c455542a038df9e1a9a3
-
SHA1
974c3c1e494a332abab90247663826f4b02b6d93
-
SHA256
de47e4ea08c1472b03673d2f85467854fdf7861d3007fee0748cb5c6924f8771
-
SHA512
236d52615acf82712a3634866413e5179943da48ff761a2841570436c22e2537dfb7ad4446742333783e9087536d50c2fbc8a65da85da0fc7c9e58bc21621a0a
-
SSDEEP
6144:ji46fuYXChoQTjlFgLuCY1dRuAOZoVA3w8y0:jnYzXChdTbv1bu0e3w8y
-
Detect Fabookie payload
-
Detect rhadamanthys stealer shellcode
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-