General
Target: c65c78ca35a3edf7fc8d4150bb77c788651bad8c5a54888bd8d366f8ec8bdac0
Size: 346KB
Sample: 230416-adfw8sgc32
MD5: 99d09bbf9eb3ea2864f7b540090ca89d
SHA1: d4901a3e1ef53bf27fa7e75d43421c3c9235976d
SHA256: c65c78ca35a3edf7fc8d4150bb77c788651bad8c5a54888bd8d366f8ec8bdac0
SHA512: 34231eca74f3c6b18ce8334065adef3689f92f73fbfe6984e672c82a9c0e15253daf6dd07fb452148669decbd85023bf426abb876586c8cb5b53517bf89123ca
SSDEEP: 6144:Wo55tMv/wGVD4zOPSkOQIMhRpDkpvAnoYlc7Wjr5bbe4:WoPtopVD4zOKkHUvAnc7mlq4
Static task: static1
Behavioral task: behavioral1
Sample: c65c78ca35a3edf7fc8d4150bb77c788651bad8c5a54888bd8d366f8ec8bdac0.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: smokeloader (pub4)
Extracted: smokeloader (2022)
  C2: http://aapu.at/tmp/
  C2: http://poudineh.com/tmp/
  C2: http://firsttrusteedrx.ru/tmp/
  C2: http://kingpirate.ru/tmp/
Extracted: rhadamanthys
  URL: http://179.43.142.201/img/favicon.png
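The following is an added example and not part of the sandbox report or of any tool the report names. It turns the indicators on this page (the sample hashes listed under General, the SmokeLoader C2 URLs and the Rhadamanthys URL extracted above) into two checks a responder can run offline: a file-hash comparison that requires every recorded digest to match, and a scan of proxy log lines for requests to the extracted hosts. The log format (timestamp, client, method, URL, status) and the log lines themselves are constructed for the example; SmokeLoader check-ins are matched on any path under the /tmp/ directory of each listed host, which is an assumption made here rather than something the report states.

```python
"""Added example: turn the report's IOCs into offline checks (not the report's own code)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "99d09bbf9eb3ea2864f7b540090ca89d",
    "sha1": "d4901a3e1ef53bf27fa7e75d43421c3c9235976d",
    "sha256": "c65c78ca35a3edf7fc8d4150bb77c788651bad8c5a54888bd8d366f8ec8bdac0",
}
SMOKELOADER_C2 = [
    "http://aapu.at/tmp/",
    "http://poudineh.com/tmp/",
    "http://firsttrusteedrx.ru/tmp/",
    "http://kingpirate.ru/tmp/",
]
RHADAMANTHYS_URL = "http://179.43.142.201/img/favicon.png"


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every recorded digest matches; one agreeing hash is not enough."""
    return file_hashes(data) == SAMPLE_HASHES


def ioc_table() -> dict:
    """host -> list of (family, path prefix), built from the extracted config."""
    table = {}
    for url in SMOKELOADER_C2:
        p = urlparse(url)
        # Assumption: anything under the /tmp/ directory on a listed host
        # (e.g. /tmp/index.php) counts as a SmokeLoader check-in.
        table.setdefault(p.hostname, []).append(("smokeloader", p.path))
    p = urlparse(RHADAMANTHYS_URL)
    table.setdefault(p.hostname, []).append(("rhadamanthys", p.path))
    return table


# Constructed log format for the example: "<timestamp> <client> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def scan_proxy_log(lines) -> list:
    """Return one dict per request whose host and path match an extracted IOC."""
    table = ioc_table()
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line
        u = urlparse(m["url"])
        host = u.hostname or ""  # urlparse lowercases the host and drops any :port
        for family, prefix in table.get(host, []):
            if u.path.startswith(prefix):
                hits.append({"ts": m["ts"], "src": m["src"], "family": family, "url": m["url"]})
    return hits


# Constructed sample lines (not real traffic): two true hits, two near-misses, one junk line.
SAMPLE_LOG = [
    "2023-04-16T08:12:01Z 10.0.0.25 POST http://aapu.at/tmp/index.php 200",
    "2023-04-16T08:12:02Z 10.0.0.25 GET http://179.43.142.201/img/favicon.png 200",
    "2023-04-16T08:12:03Z 10.0.0.31 GET http://aapu.at/ 200",  # right host, wrong path
    "2023-04-16T08:12:04Z 10.0.0.31 GET http://example.com/tmp/ 200",  # right path, wrong host
    "not a log line",
]


def demo() -> list:
    """Scan the constructed log; returns the two expected hits."""
    return scan_proxy_log(SAMPLE_LOG)


if __name__ == "__main__":
    for h in demo():
        print(f'{h["ts"]} {h["src"]} {h["family"]} {h["url"]}')
    print("hash check on a stand-in file:", matches_sample(b"MZ not the real sample"))
```

Matching on hostname rather than on the full URL string means a check-in to the same host on a non-standard port or with a different filename under /tmp/ is still caught, while a request to a different host that happens to use a /tmp/ path is not.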
Targets
Target: c65c78ca35a3edf7fc8d4150bb77c788651bad8c5a54888bd8d366f8ec8bdac0 (346KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: an information stealer written in C++, first seen in August 2022.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles