General

  • Target

    5cb4329e2e5e2d43468d75e2892527faeeb4642c9bdcff9661992324502366de

  • Size

    351KB

  • Sample

    230414-wpa11sce6y

  • MD5

    b686a15973003e26484f900b809f9dea

  • SHA1

    ef98948ccdda4776b3b76c87f0369f19157f1c49

  • SHA256

    5cb4329e2e5e2d43468d75e2892527faeeb4642c9bdcff9661992324502366de

  • SHA512

    81e962b7684e5ba5ba6964b27c158a6c09fa0dbfb2567314349b1d32295b78e4ef133b0ab1037c804350d591fd9fe37901f2d6b62d7151804837284944759a7a

  • SSDEEP

    6144:pVfvdv9is7FWA8Cnygabh5iSSxk37sj9Zc9bbnGt:pVf19iKFWTCnypbhMxGojrcpbn

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub4

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://aapu.at/tmp/

    http://poudineh.com/tmp/

    http://firsttrusteedrx.ru/tmp/

    http://kingpirate.ru/tmp/

  • rc4.i32

  • rc4.i32

Extracted

  • Family

    rhadamanthys

  • C2

    http://179.43.142.201/img/favicon.png

Targets


    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks