General

  • Target

    aac897188aaea0bd002be4ad4fee1886a9cb1ffb00339b05d414bfaff8158917

  • Size

    352KB

  • Sample

    230415-v8236sge4v

  • MD5

    bb9c6e0ae46910d7096e6a2be0d78813

  • SHA1

    11f07cf48ee5204e774e9f2584115c9346465c52

  • SHA256

    aac897188aaea0bd002be4ad4fee1886a9cb1ffb00339b05d414bfaff8158917

  • SHA512

    e67166e50c08dfca71c21fd949c8b8d9acf19ae6ab2d83e3f0f545dfe2733b963774d0c717038fa7d2cb74bebc9521a5b5d354a1e8ce13b4a2ca52c2c24e8ca4

  • SSDEEP

    3072:5B15CxKEYGRxWB6WZuYLeceWy4T6S4qHwa1eUk4cdzL8TibmEl0ZLitTBsWEB5c5:z1dbGfC8YT+82UrKti6tTBsWblwe4

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      aac897188aaea0bd002be4ad4fee1886a9cb1ffb00339b05d414bfaff8158917

    • Size

      352KB

    • MD5

      bb9c6e0ae46910d7096e6a2be0d78813

    • SHA1

      11f07cf48ee5204e774e9f2584115c9346465c52

    • SHA256

      aac897188aaea0bd002be4ad4fee1886a9cb1ffb00339b05d414bfaff8158917

    • SHA512

      e67166e50c08dfca71c21fd949c8b8d9acf19ae6ab2d83e3f0f545dfe2733b963774d0c717038fa7d2cb74bebc9521a5b5d354a1e8ce13b4a2ca52c2c24e8ca4

    • SSDEEP

      3072:5B15CxKEYGRxWB6WZuYLeceWy4T6S4qHwa1eUk4cdzL8TibmEl0ZLitTBsWEB5c5:z1dbGfC8YT+82UrKti6tTBsWblwe4

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks