djvu | 03a83e440c0d1d8f9390f8edf180c54aa4111a39c2b00a05650e4d47e613c754

Sharing

General

Target

file.exe
Size

276KB
Sample

231123-lpxjxahh4v
MD5

d67acaddbe44a3febc3348f75a22888d
SHA1

3be875b32727db74827d630c042b2d0be5b622d2
SHA256

03a83e440c0d1d8f9390f8edf180c54aa4111a39c2b00a05650e4d47e613c754
SHA512

9ede4dd37984a784f856cbbc275fc567d885f55fc4af809c177ab17dc257e6eeef67d2ac182ee75090b99ce5d5305a9fe7367669d75ad11d02624da44eb7093a
SSDEEP

3072:nX0N0TTuUimSJFE4GGnTDUSMdxYw5YX0xpqopUTcIxAoUvt1Zq7:XxTFSTfJnMSMsBkxpFWy0

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

http://onualituyrs.org/

http://sumagulituyo.org/

http://snukerukeutit.org/

http://lightseinsteniki.org/

http://liuliuoumumy.org/

http://stualialuyastrelia.net/

http://kumbuyartyty.net/

http://criogetikfenbut.org/

http://tonimiuyaytre.org/

http://tyiuiunuewqy.org/

rc4.i32

Extracted

Family

redline

Botnet

1120

194.49.94.77:22888

Extracted

Family

djvu

http://zexeq.com/lancer/get.php

Attributes

extension
.iicc
offline_id
MI4io8cIlhyYsGaDxoKsbpWzfIe5lGPE0dYtrht1
payload_url
http://brusuax.com/dl/build2.exe
http://zexeq.com/files/1/build3.exe
ransomnote
ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-Y6UIMfI736 Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: support@freshmail.top Reserve e-mail address to contact us: datarestorehelp@airmail.cc Your personal ID: 0826ASdw

rsa_pubkey.plain

Extracted

Family

redline

Botnet

1122

194.49.94.77:22888

Extracted

Family

redline

Botnet

LogsDiller Cloud (Bot: @logsdillabot)

194.49.94.181:40264

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

Targets

- Target
  
  file.exe
- Size
  
  276KB
- MD5
  
  d67acaddbe44a3febc3348f75a22888d
- SHA1
  
  3be875b32727db74827d630c042b2d0be5b622d2
- SHA256
  
  03a83e440c0d1d8f9390f8edf180c54aa4111a39c2b00a05650e4d47e613c754
- SHA512
  
  9ede4dd37984a784f856cbbc275fc567d885f55fc4af809c177ab17dc257e6eeef67d2ac182ee75090b99ce5d5305a9fe7367669d75ad11d02624da44eb7093a
- SSDEEP
  
  3072:nX0N0TTuUimSJFE4GGnTDUSMdxYw5YX0xpqopUTcIxAoUvt1Zq7:XxTFSTfJnMSMsBkxpFWy0
Score

10^/10

djvu redline smokeloader 1120 1122 logsdiller cloud (bot: @logsdillabot)backdoor discovery evasion infostealer ransomware themida trojan up3 upx
- Detected Djvu ransomware
- Djvu Ransomware
  Ransomware which is a variant of the STOP family.
  ransomware djvu
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
- Stops running service(s)
  evasion
- Deletes itself
- Modifies file permissions
  discovery
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2