General

  • Target

    bc2c568621d5070ae1b3e42ec8a2f91a7433fea2ccf2cd3524b756ae9b9ad48c

  • Size

    351KB

  • Sample

    230415-stqeqaee47

  • MD5

    b3350a62587b816d7d408882f427baa2

  • SHA1

    7a67223262176ed27a0ba583d4cf587404b8834e

  • SHA256

    bc2c568621d5070ae1b3e42ec8a2f91a7433fea2ccf2cd3524b756ae9b9ad48c

  • SHA512

    a0b173757effeb3f545621240d30268dc5616a814bf9e1a917d7fc8769bca995f8132c806f96fdf580532c266e00e16ac69c5d9b156af28b8efc43b911d2fc58

  • SSDEEP

    6144:WbUpCMVT5IqSAddRYX3aF4y6EfBzIZLU8we4:WoD15I9AdLYX3w4yDBMLU8t4

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      bc2c568621d5070ae1b3e42ec8a2f91a7433fea2ccf2cd3524b756ae9b9ad48c

    • Size

      351KB

    • MD5

      b3350a62587b816d7d408882f427baa2

    • SHA1

      7a67223262176ed27a0ba583d4cf587404b8834e

    • SHA256

      bc2c568621d5070ae1b3e42ec8a2f91a7433fea2ccf2cd3524b756ae9b9ad48c

    • SHA512

      a0b173757effeb3f545621240d30268dc5616a814bf9e1a917d7fc8769bca995f8132c806f96fdf580532c266e00e16ac69c5d9b156af28b8efc43b911d2fc58

    • SSDEEP

      6144:WbUpCMVT5IqSAddRYX3aF4y6EfBzIZLU8we4:WoD15I9AdLYX3w4yDBMLU8t4

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks