General

  • Target

    cdd8083cd19e16e2684188850142399fe9e0b546f986aa56a520a2d0a481446f

  • Size

    258KB

  • Sample

    230116-j4ypeaca79

  • MD5

    ce4d81b9eae32702f7d36fef3a11d4e4

  • SHA1

    e2b39a9b44b860b53b2843a2d7608365cfcf38fb

  • SHA256

    cdd8083cd19e16e2684188850142399fe9e0b546f986aa56a520a2d0a481446f

  • SHA512

    fbfded2ca180c42a282b747a24b0e323be83cbb790b740cf24b3801e1164056041f19c1363dba532c68030b428b15bdf8b05ce89ebba3d69c913b224bf982e18

  • SSDEEP

    6144:GCu1sFLzC0eQJwQABVSmONIk/qtCOWaGC/U4zqQna:GCu1qHC/Q9kSmxVbj/FP

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

    • Detect rhadamanthys stealer shellcode

    • Detects Smokeloader packer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
