General

Target: b87577df851960649e52cebb4796bd489ab28293f708d1a404b0cc06f16aad39
Size: 258KB
Sample: 230405-lx64bada28
MD5: 11ad8bdbbdfee754a25adcc84624f7b3
SHA1: 08c0a461cda758d3b18f072321d9642841602662
SHA256: b87577df851960649e52cebb4796bd489ab28293f708d1a404b0cc06f16aad39
SHA512: f981089b29634d9d87c8362c045d38388da90fac0b85314c63a6b94dad0ade955a1482e35c5a46c0e8fd335bf91709c40ee3754eb0a7598486e3f7124ed2a3de
SSDEEP: 3072:/hxLhKAJQzyLylplF++o2n8zWWOhBhG5BqBHNET1B+s5xLvjf:jyzyLKlD8zHgPBw1n/
Tasks

- Static task: static1
- Behavioral task: behavioral1 (sample b87577df851960649e52cebb4796bd489ab28293f708d1a404b0cc06f16aad39.exe, resource win7-20230220-en)
- Behavioral task: behavioral2 (sample b87577df851960649e52cebb4796bd489ab28293f708d1a404b0cc06f16aad39.exe, resource win10v2004-20230220-en)
Malware Config

Extracted: smokeloader, pub4

Extracted: smokeloader, 2022
- http://aapu.at/tmp/
- http://poudineh.com/tmp/
- http://firsttrusteedrx.ru/tmp/
- http://kingpirate.ru/tmp/

Extracted: bumblebee, inst
- 194.15.216.247:443
- 23.106.215.141:443
- 104.168.244.96:443
- 51.83.255.85:443
- 192.119.81.86:443
Targets

Target: b87577df851960649e52cebb4796bd489ab28293f708d1a404b0cc06f16aad39 (258KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Suspicious use of NtCreateThreadExHideFromDebugger