General

  • Target

    c65c78ca35a3edf7fc8d4150bb77c788651bad8c5a54888bd8d366f8ec8bdac0

  • Size

    346KB

  • Sample

    230416-adfw8sgc32

  • MD5

    99d09bbf9eb3ea2864f7b540090ca89d

  • SHA1

    d4901a3e1ef53bf27fa7e75d43421c3c9235976d

  • SHA256

    c65c78ca35a3edf7fc8d4150bb77c788651bad8c5a54888bd8d366f8ec8bdac0

  • SHA512

    34231eca74f3c6b18ce8334065adef3689f92f73fbfe6984e672c82a9c0e15253daf6dd07fb452148669decbd85023bf426abb876586c8cb5b53517bf89123ca

  • SSDEEP

    6144:Wo55tMv/wGVD4zOPSkOQIMhRpDkpvAnoYlc7Wjr5bbe4:WoPtopVD4zOKkHUvAnc7mlq4

Malware Config

  • Extracted

    Family
      smokeloader
    Botnet
      pub4

  • Extracted

    Family
      smokeloader
    Version
      2022
    C2
      http://aapu.at/tmp/
      http://poudineh.com/tmp/
      http://firsttrusteedrx.ru/tmp/
      http://kingpirate.ru/tmp/
    rc4.i32

  • Extracted

    Family
      rhadamanthys
    C2
      http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks