General

  • Target

    2017f8ae826ff7da644813991b478cc67d779732dba8e28faeea9313d4df6115

  • Size

    351KB

  • Sample

    230414-18385adf6z

  • MD5

    86a3597ea68f5e7251ffc331945bd9f3

  • SHA1

    2ab5b10d953a499dcc304f8ab322a25b0741f1ff

  • SHA256

    2017f8ae826ff7da644813991b478cc67d779732dba8e28faeea9313d4df6115

  • SHA512

    3c59bd380d09db380653300abeb17c03473cc7ae1bc0d6bc0a1e94accc922a63d7df877901f5ab12116118b0cb553fa5731a882892252c990fa64b1d8534574b

  • SSDEEP

    6144:hxNn1Ire0M+cApLunC7+6P3FebJM0VJj8k0Mxi:hx1WrvAApLGC7HCa4j8km

Malware Config

  • Extracted

    Family: smokeloader
    Botnet: pub4

  • Extracted

    Family: smokeloader
    Version: 2022
    C2:
    http://aapu.at/tmp/
    http://poudineh.com/tmp/
    http://firsttrusteedrx.ru/tmp/
    http://kingpirate.ru/tmp/
    rc4.i32
    rc4.i32

  • Extracted

    Family: rhadamanthys
    C2:
    http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles
