General

Target: 5f23eb72d5651967c1fc91f4dbcc8baf9383801d28ab0e463824d55108abd603
Size: 351KB
Sample: 230415-bp88laeb21
MD5: 125bd43136a2cd9a67bc303038d67c13
SHA1: 92a33b34af7a7d012120275cc4ce265e47984e04
SHA256: 5f23eb72d5651967c1fc91f4dbcc8baf9383801d28ab0e463824d55108abd603
SHA512: dc747b3773892c33d9c89f0a1968e1642483b7155b385edb77e92a149d96ffdb1bc9c2c2919c1bba2de75f3eedc21dfa9037198681f9cab34e3c6453c2499686
SSDEEP: 3072:ufapCAa/zybPg1w0yOBg+c11Nc3tdZDKTJDfbudGAg7lGsQOdHNqhiUPI4pMsJcP:PpIyjKw8Vc1e64MkzwNqAUN9XhWOTi
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 5f23eb72d5651967c1fc91f4dbcc8baf9383801d28ab0e463824d55108abd603.exe
  Resource (sandbox VM image): win10v2004-20230221-en
Malware Config

Extracted: smokeloader
  pub4
Extracted: smokeloader
  2022
  C2:
    http://aapu.at/tmp/
    http://poudineh.com/tmp/
    http://firsttrusteedrx.ru/tmp/
    http://kingpirate.ru/tmp/
Extracted: rhadamanthys
  URL:
    http://179.43.142.201/img/favicon.png
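The hashes in the General section and the URLs in the extracted configs are the indicators a responder would actually operationalize. The script below is an added example, not part of the sandbox report: it embeds those indicators, streams a file through the same four digests the report lists to check for a hash match, derives hosts and IPs from the extracted SmokeLoader and Rhadamanthys URLs, and runs them against a few constructed proxy-log lines (the log lines, the `dst=` field format and the 10.0.0.x source addresses are assumptions for the demonstration).

```python
"""IOC matching built from the sandbox report above.

Added example (not part of the sandbox report): turns the report's static
hashes and extracted SmokeLoader / Rhadamanthys URLs into indicators and
checks (1) a file's digests and (2) constructed proxy-log lines against them.
"""
import hashlib
import re
from urllib.parse import urlparse

# Hashes exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "125bd43136a2cd9a67bc303038d67c13",
    "sha1": "92a33b34af7a7d012120275cc4ce265e47984e04",
    "sha256": "5f23eb72d5651967c1fc91f4dbcc8baf9383801d28ab0e463824d55108abd603",
    "sha512": "dc747b3773892c33d9c89f0a1968e1642483b7155b385edb77e92a149d96ffdb"
              "1bc9c2c2919c1bba2de75f3eedc21dfa9037198681f9cab34e3c6453c2499686",
}

# URLs from the report's extracted configs, keyed by family.
CONFIG_URLS = {
    "smokeloader": [
        "http://aapu.at/tmp/",
        "http://poudineh.com/tmp/",
        "http://firsttrusteedrx.ru/tmp/",
        "http://kingpirate.ru/tmp/",
    ],
    "rhadamanthys": [
        "http://179.43.142.201/img/favicon.png",
    ],
}


def hashes_of_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hashes_of_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through all four digests in one pass (fine for large samples)."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def indicator_match(hashes: dict):
    """Return the name of the first digest matching the report, else None.

    Comparison is case-insensitive; one algorithm matching is enough because
    every digest in the report describes the same file.
    """
    for name, wanted in REPORT_HASHES.items():
        got = hashes.get(name)
        if got and got.lower() == wanted:
            return name
    return None


def network_indicators() -> dict:
    """Map each host or IP taken from the extracted config URLs to its family."""
    out = {}
    for family, urls in CONFIG_URLS.items():
        for url in urls:
            host = urlparse(url).hostname
            if host:
                out[host.lower()] = family
    return out


# Constructed proxy-log lines for the demonstration; not from the sandbox report.
SAMPLE_LOG = """\
2023-04-15T12:00:01Z src=10.0.0.5 dst=update.microsoft.com uri=/ method=GET
2023-04-15T12:00:02Z src=10.0.0.5 dst=aapu.at uri=/tmp/ method=POST
2023-04-15T12:00:03Z src=10.0.0.7 dst=179.43.142.201 uri=/img/favicon.png method=GET
2023-04-15T12:00:04Z src=10.0.0.7 dst=KINGPIRATE.RU uri=/tmp/ method=POST
""".splitlines()

_DST_RE = re.compile(r"\bdst=(\S+)")


def scan_log(lines) -> list:
    """Return (line_number, host, family) for each line whose dst= is an indicator."""
    iocs = network_indicators()
    hits = []
    for n, line in enumerate(lines, 1):
        m = _DST_RE.search(line)
        if not m:
            continue
        host = m.group(1).lower()
        if host in iocs:
            hits.append((n, host, iocs[host]))
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("file hash match:", indicator_match(hashes_of_file(sys.argv[1])))
    for n, host, family in scan_log(SAMPLE_LOG):
        print(f"line {n}: {host} ({family})")
```

Run it with a file path to test that file against the report's digests; without arguments it only scans the embedded sample log. The host match is done on the `dst=` field rather than on the full URL because SmokeLoader's `/tmp/` path and the Rhadamanthys image-like path can change per build while the hosts are the stable part of the indicator.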
Targets

Target: 5f23eb72d5651967c1fc91f4dbcc8baf9383801d28ab0e463824d55108abd603
Size: 351KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General (same file)
Signatures:
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles