General

  • Target

    70cfd4ce7c4a09afdcd66149f218242fea3a2e7eab36ea0d2138d7817985025e

  • Size

    351KB

  • Sample

    230414-wbrrlsah59

  • MD5

    f9af8eb7c1274c4ffcecc522efd70ebd

  • SHA1

    ce5b80a73110cf5cbfbec737630367430f0ca3ff

  • SHA256

    70cfd4ce7c4a09afdcd66149f218242fea3a2e7eab36ea0d2138d7817985025e

  • SHA512

    4ec99c89ba095eea34e4af517f9a57b089a747fa42e1b617e85dd4c5bd19949d8265fcbd47057b15f9c95f885e36144e17e981bab0f428d6e4f68e8528a52e61

  • SSDEEP

    6144:CVvv1SKsCXdxGGEq0sM+OtHTbbRcmbb0gt:CVvIKsmLGGEZsMPnlccb0

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      70cfd4ce7c4a09afdcd66149f218242fea3a2e7eab36ea0d2138d7817985025e

    • Size

      351KB

    • MD5

      f9af8eb7c1274c4ffcecc522efd70ebd

    • SHA1

      ce5b80a73110cf5cbfbec737630367430f0ca3ff

    • SHA256

      70cfd4ce7c4a09afdcd66149f218242fea3a2e7eab36ea0d2138d7817985025e

    • SHA512

      4ec99c89ba095eea34e4af517f9a57b089a747fa42e1b617e85dd4c5bd19949d8265fcbd47057b15f9c95f885e36144e17e981bab0f428d6e4f68e8528a52e61

    • SSDEEP

      6144:CVvv1SKsCXdxGGEq0sM+OtHTbbRcmbb0gt:CVvIKsmLGGEZsMPnlccb0

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks