General
- Target: setup.exe
- Size: 346KB
- Sample: 230416-anbp9shh5s
- MD5: 5ecbcb91a39bf3e2d14061a0bb7946ed
- SHA1: 72c51f254867e8bde3a0984a4eb9057eaa05ff0e
- SHA256: 87f8b19fad893802d91a2e618a1ca102419c3e22b00720991350c5a6eb36f4f1
- SHA512: f08165fb7661e5f6ea7c47b2a60519bf4da49eedf50bd50e3b086942a5ce836a3c4d3183b843178e8d9e08857335e3f18170b985635ab31cad980ae99f093a3d
- SSDEEP: 6144:h2QQeA5/jPEFOSdEIKSkbFYSExtHOKJpH40FS7vbe4:h27e27EF3dEI7kp8Ompevq4
Static task
- static1
Behavioral tasks
- behavioral1 (Sample: setup.exe, Resource: win7-20230220-en)
- behavioral2 (Sample: setup.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted: smokeloader
- pub4
Extracted: smokeloader
- 2022
- http://aapu.at/tmp/
- http://poudineh.com/tmp/
- http://firsttrusteedrx.ru/tmp/
- http://kingpirate.ru/tmp/
Extracted: rhadamanthys
- http://179.43.142.201/img/favicon.png
Targets
- Target: setup.exe
- Size: 346KB
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles