General

  • Target

    73abcf36bebe7fe725dd0ac7b7dfafe13572b6dcc3f3e6ca8b9c1329b43648a1

  • Size

    352KB

  • Sample

    230415-q2qdksfg6x

  • MD5

    005a01ca85dd07925406bc75012374fc

  • SHA1

    ea867e76596ca39b5f71d2c2e0ae64de75bd1b7d

  • SHA256

    73abcf36bebe7fe725dd0ac7b7dfafe13572b6dcc3f3e6ca8b9c1329b43648a1

  • SHA512

    fae49acb01c90cf855a79813e6e3ffc90434245cd2cb7b1f9a7d9a753241a025486dc637d99bb91faeaaef5b047eb486bf05ebf05f90f972e3349a341d06aa99

  • SSDEEP

    6144:/2pCM5m2yZbIAot2b6lo8DfPr4jyduZVB7we4:/2Do2yFIAot2boo8jrIiUVB7t4

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks