General

  • Target

    382670b9f828e7aebc912cc191fc0efefcad8bd37b516535cf092e7b18bc12cb

  • Size

    169KB

  • Sample

    240212-fhjrksdd77

  • MD5

    00acc5fcbdb53528822f6a837ab1afde

  • SHA1

    f25965ef0868e8bf62cbbb3aa03254b62ba6d842

  • SHA256

    382670b9f828e7aebc912cc191fc0efefcad8bd37b516535cf092e7b18bc12cb

  • SHA512

    6bec86f7229c4ebe16e49b4305d88d7a0eb84a5616e114ce40551b7882554398964cba51fa7bdabd2b2e693b3a4781d26ce06b9a8d6b37175888ebb5ccd15b64

  • SSDEEP

    3072:DSRs2eBx0o1qtoQlQYtgJH+sY9U+9gaADFO2:ScBxzqtTlNtgUsYk

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32
rc4.i32

Extracted

Family

amadey

Version

4.14

C2

http://anfesq.com

http://cbinr.com

http://rimakc.ru

Attributes
  • install_dir

    68fd3d7ade

  • install_file

    Utsysc.exe

  • strings_key

    27ec7fd6f50f63b8af0c1d3deefcc8fe

  • url_paths

    /forum/index.php

rc4.plain
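The C2 URLs and the Amadey url_paths attribute above are the most directly actionable part of the extracted config. The following is an added example (not part of the sandbox report) that turns them into a proxy-log check: it matches on the listed hosts with high confidence and, because loader C2 hosts rotate, also flags POSTs to the gate paths this sample uses (/tmp/index.php for SmokeLoader, /forum/index.php for Amadey) on unknown hosts as low-confidence hits. The log format and the log lines are constructed for illustration; the hashes are the ones listed for this sample.

```python
"""IOC checks derived from the extracted SmokeLoader and Amadey configs.

Added example, not part of the sandbox report: the C2 URLs, url_paths and
file hashes are copied from the report; the proxy log format and the log
lines are constructed for illustration.
"""
import hashlib
from urllib.parse import urlparse

# C2 URLs as extracted on this page.
SMOKELOADER_C2 = [
    "http://sjyey.com/tmp/index.php",
    "http://babonwo.ru/tmp/index.php",
    "http://mth.com.ua/tmp/index.php",
    "http://piratia.pw/tmp/index.php",
    "http://go-piratia.ru/tmp/index.php",
]
AMADEY_C2 = ["http://anfesq.com", "http://cbinr.com", "http://rimakc.ru"]
AMADEY_URL_PATHS = ["/forum/index.php"]  # url_paths attribute from the config

# File hashes of the analysed sample as listed on this page.
SAMPLE_HASHES = {
    "md5": "00acc5fcbdb53528822f6a837ab1afde",
    "sha1": "f25965ef0868e8bf62cbbb3aa03254b62ba6d842",
    "sha256": "382670b9f828e7aebc912cc191fc0efefcad8bd37b516535cf092e7b18bc12cb",
}

# Host -> family lookup built from the C2 lists.
HOST_TO_FAMILY = {}
for _u in SMOKELOADER_C2:
    HOST_TO_FAMILY[urlparse(_u).hostname] = "smokeloader"
for _u in AMADEY_C2:
    HOST_TO_FAMILY[urlparse(_u).hostname] = "amadey"

# Gate paths used by this sample. Strong together with a host hit; on their
# own only a low-confidence indicator, because the hosts rotate but the
# gate script path tends to stay the same across a campaign.
PATH_TO_FAMILY = {"/tmp/index.php": "smokeloader"}
PATH_TO_FAMILY.update({p: "amadey" for p in AMADEY_URL_PATHS})


def classify_request(method, url):
    """Classify one proxied request. Returns (family, confidence) or None."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host in HOST_TO_FAMILY:
        return HOST_TO_FAMILY[host], "high"
    # Both families POST to a PHP gate; a POST to a known gate path on an
    # unknown host is a low-confidence hit to triage, not to block outright.
    if method.upper() == "POST" and parsed.path in PATH_TO_FAMILY:
        return PATH_TO_FAMILY[parsed.path], "low"
    return None


def scan_proxy_log(lines):
    """Scan constructed lines of the form '<ts> <src_ip> <METHOD> <url> <status>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip rather than crash the sweep
        ts, src, method, url = parts[0], parts[1], parts[2], parts[3]
        verdict = classify_request(method, url)
        if verdict:
            hits.append({"ts": ts, "src": src, "url": url,
                         "family": verdict[0], "confidence": verdict[1]})
    return hits


def hash_matches_sample(data):
    """Return the names of the listed hashes that `data` matches (empty if none)."""
    algos = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}
    return sorted(n for n, f in algos.items()
                  if f(data).hexdigest() == SAMPLE_HASHES[n])


# Constructed proxy log excerpt (not from the report).
SAMPLE_LOG = [
    "2024-02-12T10:01:07Z 10.0.0.15 POST http://sjyey.com/tmp/index.php 200",
    "2024-02-12T10:01:09Z 10.0.0.15 POST http://anfesq.com/forum/index.php 200",
    "2024-02-12T10:01:12Z 10.0.0.22 GET http://example.com/index.php 200",
    "2024-02-12T10:02:30Z 10.0.0.31 POST http://198.51.100.7/tmp/index.php 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Host hits are worth an immediate block; the path-only hits are for triage, since `/tmp/index.php` and `/forum/index.php` are generic enough to appear on legitimate sites. Pair the network check with the file hashes when a suspect binary is recovered from the endpoint.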

Targets

    • Target

      382670b9f828e7aebc912cc191fc0efefcad8bd37b516535cf092e7b18bc12cb

    • Amadey

      Amadey is a simple bot that collects basic host reconnaissance (system and user information) and, as the "Downloads MZ/PE file" signature below shows, also acts as a loader for additional payloads.

    • SmokeLoader

      Modular loader and backdoor trojan, active since at least 2014; this sample's config carries the 2022 version with five C2 gates.

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and autofill data.
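The Amadey install_dir and install_file attributes in the config, together with the "Executes dropped EXE" signature, give a host-level artefact to hunt for. The following is an added example, not part of the report: it assumes Amadey drops its copy as <install_dir>/<install_file> under a per-user temp or appdata directory (documented Amadey behaviour, but not stated on this page) and builds a throwaway directory tree so it runs offline.

```python
"""Host-level hunt for the Amadey install artefacts listed in this report.

Added example, not part of the sandbox report. Assumption: Amadey 4.x writes
its persistent copy to <install_dir>\\<install_file> below a per-user
directory such as %LOCALAPPDATA%\\Temp; the page only gives the two names.
"""
import os
import tempfile

INSTALL_DIR = "68fd3d7ade"    # install_dir from the extracted config
INSTALL_FILE = "Utsysc.exe"   # install_file from the extracted config


def find_install_artifacts(root):
    """Walk `root` and return every path of the form .../68fd3d7ade/Utsysc.exe.

    Both names must match: the directory name alone is a random-looking token
    and the file name alone recurs in benign places, so only the pair is a
    reliable indicator. Comparison is case-insensitive, as NTFS lookups are.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != INSTALL_DIR.lower():
            continue
        for name in filenames:
            if name.lower() == INSTALL_FILE.lower():
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def default_search_roots():
    """Per-user roots to sweep on a live Windows host (assumption, see above)."""
    roots = []
    for var in ("LOCALAPPDATA", "APPDATA", "TEMP"):
        value = os.environ.get(var)
        if value and os.path.isdir(value):
            roots.append(value)
    return roots


def build_demo_tree():
    """Constructed directory tree standing in for a user profile (not real data)."""
    base = tempfile.mkdtemp(prefix="amadey_hunt_")
    temp_dir = os.path.join(base, "AppData", "Local", "Temp")
    infected = os.path.join(temp_dir, INSTALL_DIR)
    os.makedirs(infected)
    with open(os.path.join(infected, INSTALL_FILE), "wb") as fh:
        fh.write(b"MZ")  # placeholder bytes, not the sample
    # Decoys: same file name in the wrong directory, and the directory
    # name without the file. Neither should be reported.
    decoy_dir = os.path.join(temp_dir, "other")
    os.makedirs(decoy_dir)
    open(os.path.join(decoy_dir, INSTALL_FILE), "wb").close()
    os.makedirs(os.path.join(base, "Downloads", INSTALL_DIR))
    return base


if __name__ == "__main__":
    demo = build_demo_tree()
    for path in find_install_artifacts(demo):
        print("Amadey install artefact:", path)
```

On a real host, replace the demo tree with `default_search_roots()` and treat a hit as a trigger to pull the binary and compare its hashes against the ones listed for this sample.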

MITRE ATT&CK Enterprise v15

Tasks