General
- Target: 15015df0f2162b04aa3ec51ba5564ded4798868fe4560128efab1a816449b306
- Size: 350KB
- Sample: 230415-dk6ysacg97
- MD5: c95c0e49090ef50b2756687ba45466d4
- SHA1: d233cba6b0d12aa2a1fc0dae01d312c03746ebbf
- SHA256: 15015df0f2162b04aa3ec51ba5564ded4798868fe4560128efab1a816449b306
- SHA512: e12edec02fe96a017ef7ec38a7067c66689a738968fac79724388fc46990608f00d67b2974a0030bda5adbcad89dba8fcbd91f76ea3f6d5feb08098f21c76de4
- SSDEEP: 3072:xMaLCAQ3zCb1gQ2Qfzdgi1DGickrlEPfIyOzbuDtW92SoNIUvSGL4Oy/D2Sv6dz:FLOCpD2at1D2IWDIJI4S4rTi
Static task: static1
Behavioral task: behavioral1
- Sample: 15015df0f2162b04aa3ec51ba5564ded4798868fe4560128efab1a816449b306.exe
- Resource: win10-20230220-en
Malware Config
- Extracted: smokeloader (pub4)
- Extracted: smokeloader (2022)
  http://aapu.at/tmp/
  http://poudineh.com/tmp/
  http://firsttrusteedrx.ru/tmp/
  http://kingpirate.ru/tmp/
- Extracted: rhadamanthys
  http://179.43.142.201/img/favicon.png
Targets
- Target: 15015df0f2162b04aa3ec51ba5564ded4798868fe4560128efab1a816449b306
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Accesses Microsoft Outlook profiles