General
- Target: 76dd10a61c9c5b361d147bb841980200cc75fc1086c5db7291fc2461ed9e5292
- Size: 352KB
- Sample: 230415-z35pbshc7t
- MD5: b3ae41657a5f9c89ae96caebb09c0021
- SHA1: 1a0b9b48864f8fff463b5b7e3fd2cc8911afe40d
- SHA256: 76dd10a61c9c5b361d147bb841980200cc75fc1086c5db7291fc2461ed9e5292
- SHA512: 67bdc643d7b6b99cdee587b313462cdb5b356d2450b895500d8cf9efbf561c72b79bc28e6b98d19722be9bf2b634691bfd51041bd4575af6fe322e4f51e82a60
- SSDEEP: 3072:KBM5C6ZYc9IXCSiIZspc+cp02SYzr61Kba1eVxIhPBjvb06Ecdrx65B5cFnbl+OL:OMuMGNwpsBEOrIhP9TsSHBwe4
Static task: static1
Behavioral task: behavioral1
Sample: 76dd10a61c9c5b361d147bb841980200cc75fc1086c5db7291fc2461ed9e5292.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: smokeloader
- pub4
Extracted: smokeloader
- 2022
- http://aapu.at/tmp/
- http://poudineh.com/tmp/
- http://firsttrusteedrx.ru/tmp/
- http://kingpirate.ru/tmp/
Extracted: rhadamanthys
- http://179.43.142.201/img/favicon.png
Targets
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles