General

  • Target

    c69d4e2ebc8e63ab70c8e1034b5a8da0ba49febe4c5db38c38bb35354344f831

  • Size

    240KB

  • Sample

    230923-mb5tssec71

  • MD5

    5fdeef7f047f2458121c63cf3eccb0a1

  • SHA1

    4df6ad83070b0005caba93916ede933b90c4f908

  • SHA256

    c69d4e2ebc8e63ab70c8e1034b5a8da0ba49febe4c5db38c38bb35354344f831

  • SHA512

    7ec246f51150543836238df6bd6f1287a434fafb7816ea419109dcc4b6bfdac46c15ee0e7ebc342dd8113bfe13aea27bcab861367d7d298fc5f11cc710535b07

  • SSDEEP

    3072:YnlaE5Mno95B0Z4tu6pxdJKnyqx/doHzaGLnaVRZiTyaUDeAg0FujDTVwzKDeQu9:YL5frpxdonyq4zaG2u5AO7eKW3Oquqp

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://77.91.68.29/fks/

  • rc4.i32

Extracted

  • Family

    smokeloader

  • Botnet

    up3

Extracted

  • Family

    fabookie

  • C2

    http://app.nnnaajjjgc.com/check/safe

Targets


    • Detect Fabookie payload

    • Fabookie

      Fabookie is a Facebook account info stealer.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks