General

  • Target

    8d60d3941520a7afc4338eeeb5dd72f2e45e4cc686260bb69203950b43051de3

  • Size

    351KB

  • Sample

    230418-h473eabh5s

  • MD5

    f0c320128484ef6c5d83137a993cb55e

  • SHA1

    bbf1bce5cd13941aad2efada554cce71fb84b3c9

  • SHA256

    8d60d3941520a7afc4338eeeb5dd72f2e45e4cc686260bb69203950b43051de3

  • SHA512

    4bd510f44c7d9ef311980df13ce0bf6372d61b6b4420275c4d992d46832bcbb2d98bc0b823cf2d1440a81a57b0c9f7bb45e5be240042070d4f4f6c5d03baa4ff

  • SSDEEP

    6144:g6Vd52PrjAdLzMNM4sHF5VkY6ZvQzd65cn2i:g635CrsdLzMkHezYOKh

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      8d60d3941520a7afc4338eeeb5dd72f2e45e4cc686260bb69203950b43051de3

    • Size

      351KB

    • MD5

      f0c320128484ef6c5d83137a993cb55e

    • SHA1

      bbf1bce5cd13941aad2efada554cce71fb84b3c9

    • SHA256

      8d60d3941520a7afc4338eeeb5dd72f2e45e4cc686260bb69203950b43051de3

    • SHA512

      4bd510f44c7d9ef311980df13ce0bf6372d61b6b4420275c4d992d46832bcbb2d98bc0b823cf2d1440a81a57b0c9f7bb45e5be240042070d4f4f6c5d03baa4ff

    • SSDEEP

      6144:g6Vd52PrjAdLzMNM4sHF5VkY6ZvQzd65cn2i:g635CrsdLzMkHezYOKh

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks