General
- Target: bc2c568621d5070ae1b3e42ec8a2f91a7433fea2ccf2cd3524b756ae9b9ad48c
- Size: 351KB
- Sample: 230415-stqeqaee47
- MD5: b3350a62587b816d7d408882f427baa2
- SHA1: 7a67223262176ed27a0ba583d4cf587404b8834e
- SHA256: bc2c568621d5070ae1b3e42ec8a2f91a7433fea2ccf2cd3524b756ae9b9ad48c
- SHA512: a0b173757effeb3f545621240d30268dc5616a814bf9e1a917d7fc8769bca995f8132c806f96fdf580532c266e00e16ac69c5d9b156af28b8efc43b911d2fc58
- SSDEEP: 6144:WbUpCMVT5IqSAddRYX3aF4y6EfBzIZLU8we4:WoD15I9AdLYX3w4yDBMLU8t4
Static task: static1
Behavioral task: behavioral1
- Sample: bc2c568621d5070ae1b3e42ec8a2f91a7433fea2ccf2cd3524b756ae9b9ad48c.exe
- Resource: win10-20230220-en
Malware Config
Extracted: smokeloader
- Version: pub4
Extracted: smokeloader
- Version: 2022
- C2: http://aapu.at/tmp/
- C2: http://poudineh.com/tmp/
- C2: http://firsttrusteedrx.ru/tmp/
- C2: http://kingpirate.ru/tmp/
Extracted: rhadamanthys
- C2: http://179.43.142.201/img/favicon.png
Targets
- Target: bc2c568621d5070ae1b3e42ec8a2f91a7433fea2ccf2cd3524b756ae9b9ad48c
- Size: 351KB
- MD5: b3350a62587b816d7d408882f427baa2
- SHA1: 7a67223262176ed27a0ba583d4cf587404b8834e
- SHA256: bc2c568621d5070ae1b3e42ec8a2f91a7433fea2ccf2cd3524b756ae9b9ad48c
- SHA512: a0b173757effeb3f545621240d30268dc5616a814bf9e1a917d7fc8769bca995f8132c806f96fdf580532c266e00e16ac69c5d9b156af28b8efc43b911d2fc58
- SSDEEP: 6144:WbUpCMVT5IqSAddRYX3aF4y6EfBzIZLU8we4:WoD15I9AdLYX3w4yDBMLU8t4
Signatures
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Accesses Microsoft Outlook profiles