General

Target: SecuriteInfo.com.Variant.Zusy.457078.3413.2831.exe
Size: 351KB
Sample: 230414-y95ggadb9y
MD5: b686a15973003e26484f900b809f9dea
SHA1: ef98948ccdda4776b3b76c87f0369f19157f1c49
SHA256: 5cb4329e2e5e2d43468d75e2892527faeeb4642c9bdcff9661992324502366de
SHA512: 81e962b7684e5ba5ba6964b27c158a6c09fa0dbfb2567314349b1d32295b78e4ef133b0ab1037c804350d591fd9fe37901f2d6b62d7151804837284944759a7a
SSDEEP: 6144:pVfvdv9is7FWA8Cnygabh5iSSxk37sj9Zc9bbnGt:pVf19iKFWTCnypbhMxGojrcpbn
Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Zusy.457078.3413.2831.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Zusy.457078.3413.2831.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted: smokeloader
pub4

Extracted: smokeloader
2022
http://aapu.at/tmp/
http://poudineh.com/tmp/
http://firsttrusteedrx.ru/tmp/
http://kingpirate.ru/tmp/

Extracted: rhadamanthys
http://179.43.142.201/img/favicon.png
Targets

Target: SecuriteInfo.com.Variant.Zusy.457078.3413.2831.exe
Size: 351KB
MD5: b686a15973003e26484f900b809f9dea
SHA1: ef98948ccdda4776b3b76c87f0369f19157f1c49
SHA256: 5cb4329e2e5e2d43468d75e2892527faeeb4642c9bdcff9661992324502366de
SHA512: 81e962b7684e5ba5ba6964b27c158a6c09fa0dbfb2567314349b1d32295b78e4ef133b0ab1037c804350d591fd9fe37901f2d6b62d7151804837284944759a7a
SSDEEP: 6144:pVfvdv9is7FWA8Cnygabh5iSSxk37sj9Zc9bbnGt:pVf19iKFWTCnypbhMxGojrcpbn

- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles