General

  • Target

    783a8ab961e6dfba48458e01e96173b26c9241ebede3e67a36d7562dbc30fce3

  • Size

    352KB

  • Sample

    230414-yaplzabd87

  • MD5

    7ec2abf6005964579768881a4c978d29

  • SHA1

    2636bfb971d43f51bd898bbcb00da79fe065caba

  • SHA256

    783a8ab961e6dfba48458e01e96173b26c9241ebede3e67a36d7562dbc30fce3

  • SHA512

    7bb0035662edfd97757049985f866f1b0f48ec47ae8ee8ab9f24cd4e5de3e9f6b11eb3b163060a46c9843e923ef6de901c646760983bd48d80be3f2dd4fd8902

  • SSDEEP

    6144:LVzjvY3LlYbeTWM6VS355lE06HNLKKDvkR8SfWbb7t:LVzTY3BYbOWM135576HNLHwm2Mb

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      783a8ab961e6dfba48458e01e96173b26c9241ebede3e67a36d7562dbc30fce3

    • Size

      352KB

    • MD5

      7ec2abf6005964579768881a4c978d29

    • SHA1

      2636bfb971d43f51bd898bbcb00da79fe065caba

    • SHA256

      783a8ab961e6dfba48458e01e96173b26c9241ebede3e67a36d7562dbc30fce3

    • SHA512

      7bb0035662edfd97757049985f866f1b0f48ec47ae8ee8ab9f24cd4e5de3e9f6b11eb3b163060a46c9843e923ef6de901c646760983bd48d80be3f2dd4fd8902

    • SSDEEP

      6144:LVzjvY3LlYbeTWM6VS355lE06HNLKKDvkR8SfWbb7t:LVzTY3BYbOWM135576HNLHwm2Mb

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks