General

  • Target: ecef570006b97facff4930711c18b2be2a58fdbd51156ced471d9386b45ade43
  • Size: 347KB
  • Sample: 230416-j8qvcsbb4s
  • MD5: d4a285e8a27593aaeac9645b47777407
  • SHA1: 7dca270b40cf80b37e1e7e1545e78fad0ffe9ed1
  • SHA256: ecef570006b97facff4930711c18b2be2a58fdbd51156ced471d9386b45ade43
  • SHA512: 672bf3c2fecd8a4ca01199f85fdd93980a3779073687c1074405f90947cfc499ce29f1154da7fc1be351702754db4e7ec7ed930649bf9717b513d68ddde08088
  • SSDEEP: 6144:IRw+S0i95YDQq5k6zEpZof1KpWJ91a+inRr9bUYyR:IRZSRkDQq5k6ApWN791LK9bA

Malware Config

Extracted

  • Family: smokeloader
  • Botnet: pub4

Extracted

  • Family: smokeloader
  • Version: 2022
  • C2:
      http://aapu.at/tmp/
      http://poudineh.com/tmp/
      http://firsttrusteedrx.ru/tmp/
      http://kingpirate.ru/tmp/
  • rc4.i32
  • rc4.i32

Extracted

  • Family: rhadamanthys
  • C2:
      http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode
    • Rhadamanthys
      Rhadamanthys is an info stealer written in C++ first seen in August 2022.
    • SmokeLoader
      Modular backdoor trojan in use since 2014.
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Accesses Microsoft Outlook profiles
