General
Target: 70cfd4ce7c4a09afdcd66149f218242fea3a2e7eab36ea0d2138d7817985025e
Size: 351KB
Sample: 230414-wbrrlsah59
MD5: f9af8eb7c1274c4ffcecc522efd70ebd
SHA1: ce5b80a73110cf5cbfbec737630367430f0ca3ff
SHA256: 70cfd4ce7c4a09afdcd66149f218242fea3a2e7eab36ea0d2138d7817985025e
SHA512: 4ec99c89ba095eea34e4af517f9a57b089a747fa42e1b617e85dd4c5bd19949d8265fcbd47057b15f9c95f885e36144e17e981bab0f428d6e4f68e8528a52e61
SSDEEP: 6144:CVvv1SKsCXdxGGEq0sM+OtHTbbRcmbb0gt:CVvIKsmLGGEZsMPnlccb0
Static task: static1
Behavioral task: behavioral1
Sample: 70cfd4ce7c4a09afdcd66149f218242fea3a2e7eab36ea0d2138d7817985025e.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: smokeloader
  pub4
Extracted: smokeloader
  2022
  http://aapu.at/tmp/
  http://poudineh.com/tmp/
  http://firsttrusteedrx.ru/tmp/
  http://kingpirate.ru/tmp/
Extracted: rhadamanthys
  http://179.43.142.201/img/favicon.png
Targets
Target: 70cfd4ce7c4a09afdcd66149f218242fea3a2e7eab36ea0d2138d7817985025e
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles