General
-
Target
30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c.zip
-
Size
755KB
-
Sample
231119-3tx5nscg29
-
MD5
eb122a46cbccfa2bd05a39b0865fc289
-
SHA1
91a50dde426a4389106a6a8b923217f6bedd051c
-
SHA256
aae8a2533740717f592355c2305e15e79bc671db80ad5e4725467ceaa4bbcf52
-
SHA512
fe8c96b61f8c5eadb5a6da5fb0369eac93bb6357c7ea30c8b809c13233ab0dc5f3ad8997441570aeab14e2617d809583438b1d12bfa2bc4ef9cba85ad2cec0ec
-
SSDEEP
12288:0WcBt7jfbXYr+TlsKjfE1/+kw0pFyCR12A6PK5Q84b0o5ayHOjmgx3t4yyYEpcjJ:DutBTmyfWWx0pFyCgKmv5THOjmgx3ayz
Malware Config
Extracted
smokeloader
2022
http://5.42.92.190/fks/index.php
Targets
-
-
Target
30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c.exe
-
Size
799KB
-
MD5
06e964d72a34dc9e1cc80e3a8fe9bdeb
-
SHA1
58f6a85a578901f1fa64ac9598e47eb121836843
-
SHA256
30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c
-
SHA512
59ceec8e5aa6453ecf8e6fae57251f88a07ad9b34665143c648e252a6f0af75479a5607839bb0a89621938d0afc340c37778b383a431b586ea4f1412304f1bfb
-
SSDEEP
24576:ry5rqmZj5AaeuIseC/GRLYDHILx4wqMwFY:e5rNZ9ZetJEGK0F49
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Detected potential entity reuse from brand paypal.
-
Suspicious use of SetThreadContext
-