General

  • Target

    02335e5e903b93b2d7e89938d19ece771ebc6f972e9ea7900b0d991e42ae049b

  • Size

    347KB

  • Sample

    230416-a4befagd48

  • MD5

    8fb7e8bb4b91c68c34ce9573f0628e0e

  • SHA1

    f54219aaf014a528278681ecd731ef75f9f856a9

  • SHA256

    02335e5e903b93b2d7e89938d19ece771ebc6f972e9ea7900b0d991e42ae049b

  • SHA512

    1e9b28c233ae0e5021d9207b4f58e23b835e39bb1ba4c391d66411380e1069b61206e3d7e489a3a29717c9d061ad997bab783e6388d732084f50d1256ac85a4d

  • SSDEEP

    6144:VkCqdA2EXYn8BKEhETP5/tMQEqBXCLzbe4:Vk7dZln8BKEuTNXkLzq4

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      02335e5e903b93b2d7e89938d19ece771ebc6f972e9ea7900b0d991e42ae049b

    • Size

      347KB

    • MD5

      8fb7e8bb4b91c68c34ce9573f0628e0e

    • SHA1

      f54219aaf014a528278681ecd731ef75f9f856a9

    • SHA256

      02335e5e903b93b2d7e89938d19ece771ebc6f972e9ea7900b0d991e42ae049b

    • SHA512

      1e9b28c233ae0e5021d9207b4f58e23b835e39bb1ba4c391d66411380e1069b61206e3d7e489a3a29717c9d061ad997bab783e6388d732084f50d1256ac85a4d

    • SSDEEP

      6144:VkCqdA2EXYn8BKEhETP5/tMQEqBXCLzbe4:Vk7dZln8BKEuTNXkLzq4

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks