General
Target: 8d60d3941520a7afc4338eeeb5dd72f2e45e4cc686260bb69203950b43051de3
Size: 351KB
Sample: 230418-h473eabh5s
MD5: f0c320128484ef6c5d83137a993cb55e
SHA1: bbf1bce5cd13941aad2efada554cce71fb84b3c9
SHA256: 8d60d3941520a7afc4338eeeb5dd72f2e45e4cc686260bb69203950b43051de3
SHA512: 4bd510f44c7d9ef311980df13ce0bf6372d61b6b4420275c4d992d46832bcbb2d98bc0b823cf2d1440a81a57b0c9f7bb45e5be240042070d4f4f6c5d03baa4ff
SSDEEP: 6144:g6Vd52PrjAdLzMNM4sHF5VkY6ZvQzd65cn2i:g635CrsdLzMkHezYOKh
Static task: static1
Behavioral task: behavioral1
Sample: 8d60d3941520a7afc4338eeeb5dd72f2e45e4cc686260bb69203950b43051de3.exe
Resource: win10-20230220-en
Malware Config
Extracted: smokeloader, pub4
Extracted: smokeloader, 2022
  http://aapu.at/tmp/
  http://poudineh.com/tmp/
  http://firsttrusteedrx.ru/tmp/
  http://kingpirate.ru/tmp/
Extracted: rhadamanthys
  http://179.43.142.201/img/favicon.png
Targets
Target: 8d60d3941520a7afc4338eeeb5dd72f2e45e4cc686260bb69203950b43051de3
Score: 10/10
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE