General

Target: SecuriteInfo.com.Variant.Zusy.457078.17704.8058.exe
Size: 350KB
Sample: 230414-v65fhscd6y
MD5: 219d800f572dac1e1f592d20d539a614
SHA1: c220f2a07863ed8492835eaaf522a5cca4979985
SHA256: a5e2e1d4ae2ea2f1de7b448222962195698a6e82a0f890d5e2898f5b28d7b6f0
SHA512: 985d6d59d89e8ccd6f0b2ab1b78e663bb592918a571ee1e46d42841da5adc835f3438d9b713f760d2077bdd5fd7a4aa619cc85f8d70b3b8579886a73a419aa5b
SSDEEP: 6144:FQwP1XZPBG+SMPP5X6tBX0mi7WGVVceSLFRbbMut:FQK1VBGTMPPx6tl0RFnfSfb
Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Zusy.457078.17704.8058.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Zusy.457078.17704.8058.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: smokeloader
Botnet: pub4

Extracted: smokeloader
Version: 2022
C2:
http://aapu.at/tmp/
http://poudineh.com/tmp/
http://firsttrusteedrx.ru/tmp/
http://kingpirate.ru/tmp/

Extracted: rhadamanthys
C2: http://179.43.142.201/img/favicon.png
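The C2 URLs and file hashes extracted above are the part of this report a defender acts on. The following is an added example, not part of the report or of the sandbox's own tooling, that loads exactly those IOCs and runs them over a few constructed proxy-log lines. The log line format (timestamp, client IP, method, URL, status), the client IPs and the log lines themselves are assumptions made for the example; the hashes and URLs are copied from the report. Matching is on host plus path prefix rather than host alone, because the SmokeLoader hosts could carry unrelated traffic and a bare host match would flag all of it.

```python
"""Turn the IOCs from the report above into a small proxy-log detection.

Assumptions (this is an added example, not code from the report):
  * proxy logs are one request per line: "<ts> <client_ip> <method> <url> <status>"
  * C2 matches require host AND path prefix, so "http://aapu.at/" alone
    does not fire, only requests under "/tmp/" do.
"""
import hashlib
from urllib.parse import urlsplit

# IOCs copied verbatim from the report's Malware Config / General sections.
C2_URLS = {
    "smokeloader": [
        "http://aapu.at/tmp/",
        "http://poudineh.com/tmp/",
        "http://firsttrusteedrx.ru/tmp/",
        "http://kingpirate.ru/tmp/",
    ],
    "rhadamanthys": ["http://179.43.142.201/img/favicon.png"],
}
SAMPLE_MD5 = "219d800f572dac1e1f592d20d539a614"
SAMPLE_SHA256 = "a5e2e1d4ae2ea2f1de7b448222962195698a6e82a0f890d5e2898f5b28d7b6f0"


def _indicators():
    """Normalise the C2 URLs into (family, host, path_prefix) tuples."""
    out = []
    for family, urls in C2_URLS.items():
        for url in urls:
            parts = urlsplit(url)
            out.append((family, parts.hostname.lower(), parts.path))
    return out


INDICATORS = _indicators()


def classify_url(url):
    """Return the family whose C2 the URL matches, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for family, c2_host, c2_path in INDICATORS:
        if host == c2_host and parts.path.startswith(c2_path):
            return family
    return None


def scan_proxy_log(lines):
    """Return [(client_ip, url, family)] for every request that hits a C2."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line: skip instead of crashing
        client_ip, url = fields[1], fields[3]
        family = classify_url(url)
        if family:
            hits.append((client_ip, url, family))
    return hits


def hash_matches_report(data):
    """True if a file body has both the MD5 and SHA256 listed in the report."""
    return (hashlib.md5(data).hexdigest() == SAMPLE_MD5
            and hashlib.sha256(data).hexdigest() == SAMPLE_SHA256)


# Constructed log lines (not real traffic); hosts/paths chosen to exercise
# the host-only and path-only near misses as well as the true hits.
SAMPLE_LOG = [
    "2023-04-14T10:01:02Z 10.0.0.5 POST http://aapu.at/tmp/ 200",
    "2023-04-14T10:01:03Z 10.0.0.5 GET http://aapu.at/ 200",
    "2023-04-14T10:01:09Z 10.0.0.5 GET http://179.43.142.201/img/favicon.png 200",
    "2023-04-14T10:02:00Z 10.0.0.7 GET http://example.com/tmp/ 404",
    "garbage line",
]

if __name__ == "__main__":
    for client_ip, url, family in scan_proxy_log(SAMPLE_LOG):
        print(f"{client_ip} -> {url}  [{family}]")
```

Running the block as a script prints the two hits (the SmokeLoader check-in and the Rhadamanthys fetch from 10.0.0.5); the root-of-host request and the wrong-host `/tmp/` request are correctly ignored. `hash_matches_report` is only useful against a file you actually hold; the sample bytes are not on this page, so the test feeds it a placeholder and expects a non-match.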
Targets

Target: SecuriteInfo.com.Variant.Zusy.457078.17704.8058.exe
Size: 350KB
MD5: 219d800f572dac1e1f592d20d539a614
SHA1: c220f2a07863ed8492835eaaf522a5cca4979985
SHA256: a5e2e1d4ae2ea2f1de7b448222962195698a6e82a0f890d5e2898f5b28d7b6f0
SHA512: 985d6d59d89e8ccd6f0b2ab1b78e663bb592918a571ee1e46d42841da5adc835f3438d9b713f760d2077bdd5fd7a4aa619cc85f8d70b3b8579886a73a419aa5b
SSDEEP: 6144:FQwP1XZPBG+SMPP5X6tBX0mi7WGVVceSLFRbbMut:FQK1VBGTMPPx6tl0RFnfSfb

- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles