General

  • Target

    SecuriteInfo.com.Variant.Zusy.457078.17704.8058.exe

  • Size

    350KB

  • Sample

    230414-v65fhscd6y

  • MD5

    219d800f572dac1e1f592d20d539a614

  • SHA1

    c220f2a07863ed8492835eaaf522a5cca4979985

  • SHA256

    a5e2e1d4ae2ea2f1de7b448222962195698a6e82a0f890d5e2898f5b28d7b6f0

  • SHA512

    985d6d59d89e8ccd6f0b2ab1b78e663bb592918a571ee1e46d42841da5adc835f3438d9b713f760d2077bdd5fd7a4aa619cc85f8d70b3b8579886a73a419aa5b

  • SSDEEP

    6144:FQwP1XZPBG+SMPP5X6tBX0mi7WGVVceSLFRbbMut:FQK1VBGTMPPx6tl0RFnfSfb

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      SecuriteInfo.com.Variant.Zusy.457078.17704.8058.exe

    • Size

      350KB

    • MD5

      219d800f572dac1e1f592d20d539a614

    • SHA1

      c220f2a07863ed8492835eaaf522a5cca4979985

    • SHA256

      a5e2e1d4ae2ea2f1de7b448222962195698a6e82a0f890d5e2898f5b28d7b6f0

    • SHA512

      985d6d59d89e8ccd6f0b2ab1b78e663bb592918a571ee1e46d42841da5adc835f3438d9b713f760d2077bdd5fd7a4aa619cc85f8d70b3b8579886a73a419aa5b

    • SSDEEP

      6144:FQwP1XZPBG+SMPP5X6tBX0mi7WGVVceSLFRbbMut:FQK1VBGTMPPx6tl0RFnfSfb

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks