General
-
Target
c64f7ea203c8996ae29241fd6bb5c263f6eb7e8e59a463d4494553d813ce1314
-
Size
1.4MB
-
Sample
231112-tathpshc52
-
MD5
07175f10680d3c5d448c3c9884e34348
-
SHA1
f6b14b5e70860470adebe507594411a00c396600
-
SHA256
c64f7ea203c8996ae29241fd6bb5c263f6eb7e8e59a463d4494553d813ce1314
-
SHA512
47ceea9b426976391a36abaef7f0969cd13bad250e38794a2b9068bbdde72389bf791b0c76767e6e3780ad52d201ed5f3cd1ca38bd19c1d3bdccd98b72e43c17
-
SSDEEP
24576:ryNAuIbrs4UnfJvSefIsrLhG+aCDTs4MrXYlKqnnelt9iXzIED+4dx0:eNAuI3UhKewwNGU7M2e2zIED+i
Malware Config
Extracted
smokeloader
2022
http://5.42.92.190/fks/index.php
Extracted
redline
taiga
5.42.92.51:19057
Extracted
stealc
http://77.91.68.247
-
url_path
/c36258786fdc16da.php
Extracted
smokeloader
up3
Targets
-
-
Target
c64f7ea203c8996ae29241fd6bb5c263f6eb7e8e59a463d4494553d813ce1314
-
Size
1.4MB
-
MD5
07175f10680d3c5d448c3c9884e34348
-
SHA1
f6b14b5e70860470adebe507594411a00c396600
-
SHA256
c64f7ea203c8996ae29241fd6bb5c263f6eb7e8e59a463d4494553d813ce1314
-
SHA512
47ceea9b426976391a36abaef7f0969cd13bad250e38794a2b9068bbdde72389bf791b0c76767e6e3780ad52d201ed5f3cd1ca38bd19c1d3bdccd98b72e43c17
-
SSDEEP
24576:ryNAuIbrs4UnfJvSefIsrLhG+aCDTs4MrXYlKqnnelt9iXzIED+4dx0:eNAuI3UhKewwNGU7M2e2zIED+i
Score10/10-
Detect Mystic stealer payload
-
Detect ZGRat V1
-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Stealc
Stealc is an infostealer written in C++.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-