General

  • Target

    setup.exe

  • Size

    346KB

  • Sample

    230416-anbp9shh5s

  • MD5

    5ecbcb91a39bf3e2d14061a0bb7946ed

  • SHA1

    72c51f254867e8bde3a0984a4eb9057eaa05ff0e

  • SHA256

    87f8b19fad893802d91a2e618a1ca102419c3e22b00720991350c5a6eb36f4f1

  • SHA512

    f08165fb7661e5f6ea7c47b2a60519bf4da49eedf50bd50e3b086942a5ce836a3c4d3183b843178e8d9e08857335e3f18170b985635ab31cad980ae99f093a3d

  • SSDEEP

    6144:h2QQeA5/jPEFOSdEIKSkbFYSExtHOKJpH40FS7vbe4:h27e27EF3dEI7kp8Ompevq4

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      setup.exe

    • Size

      346KB

    • MD5

      5ecbcb91a39bf3e2d14061a0bb7946ed

    • SHA1

      72c51f254867e8bde3a0984a4eb9057eaa05ff0e

    • SHA256

      87f8b19fad893802d91a2e618a1ca102419c3e22b00720991350c5a6eb36f4f1

    • SHA512

      f08165fb7661e5f6ea7c47b2a60519bf4da49eedf50bd50e3b086942a5ce836a3c4d3183b843178e8d9e08857335e3f18170b985635ab31cad980ae99f093a3d

    • SSDEEP

      6144:h2QQeA5/jPEFOSdEIKSkbFYSExtHOKJpH40FS7vbe4:h27e27EF3dEI7kp8Ompevq4

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks