General
-
Target
5e28747dd875e98a37142b88afc399cd2298e0943976c542dd8f67c4f5dfd2c6
-
Size
1.5MB
-
Sample
231101-wh5l2sdb53
-
MD5
98e81402e690f2d0ac31e30771d5340f
-
SHA1
197b72874a42022dab62d338eb6d5b76543d6473
-
SHA256
ee75f83fb2f1b0a9239490984d62dcc1db0ab84770904c4fdcc6e283df4d75d8
-
SHA512
0bc4402ebd55e51fa6ec3c26b58c168bbbbe54ba9fa86ad41ba894dc51923af4689ea306cd215eae6eb7ee8b818c365a2da80c594c59a7df3981b439ca7d4f1d
-
SSDEEP
49152:S0s/NZcJz835E7G5uuQpoMSPPZ0usTqWYOp:R7GSmMSPR0RYi
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Extracted
amadey
3.89
http://77.91.124.1/theme/index.php
-
install_dir
fefffe8cea
-
install_file
explothe.exe
-
strings_key
36a96139c1118a354edf72b1080d4b2f
Targets
-
-
Target
5e28747dd875e98a37142b88afc399cd2298e0943976c542dd8f67c4f5dfd2c6
-
Size
1.5MB
-
MD5
3cbd3e3e72635ea641b33fe77996d180
-
SHA1
c4c440f08796947f6e8a0fa64fcd4c675901a7ed
-
SHA256
5e28747dd875e98a37142b88afc399cd2298e0943976c542dd8f67c4f5dfd2c6
-
SHA512
da92b16b9dbb51b146230f96f4efe5b92d75488d9554f2bb0a1909fdd6e9e19d8cc063d9a4d153050ce0c4a2c35229f3cbd11e51f677a82a8ab2e428921cca4c
-
SSDEEP
49152:YaKW5BKf1AfHE/uuMeS0NX30uOHtZIYoQ:24HEceS0d0MYo
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1