General

  • Target

    ab2ecf18513984051ac89c051d1ea113.exe

  • Size

    352KB

  • Sample

    230418-hcw6tsaa59

  • MD5

    ab2ecf18513984051ac89c051d1ea113

  • SHA1

    ff9a7f02caa9209030a840c98a426e3d72a1f154

  • SHA256

    78c4f76d5f6dacc7d2759dea334aede899237a62be411e37371e010de670fc57

  • SHA512

    874e41c67babbaf18b401f5144ad9f0f3372451f9eae5078712a25d5c06fc5d299684b324200ad1a1b9a9262cda2f86d736b18cb6d91a6ff33857233e2b641fa

  • SSDEEP

    6144:fX6iCqzU+zlr+Z2MFstXVpvNQM8CJscIaiEn2M:fXTCiPzlr+vFuvNQOJGaiy/

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32
rc4.i32

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png

Targets

    • Target

      ab2ecf18513984051ac89c051d1ea113.exe

    • Size

      352KB

    • MD5

      ab2ecf18513984051ac89c051d1ea113

    • SHA1

      ff9a7f02caa9209030a840c98a426e3d72a1f154

    • SHA256

      78c4f76d5f6dacc7d2759dea334aede899237a62be411e37371e010de670fc57

    • SHA512

      874e41c67babbaf18b401f5144ad9f0f3372451f9eae5078712a25d5c06fc5d299684b324200ad1a1b9a9262cda2f86d736b18cb6d91a6ff33857233e2b641fa

    • SSDEEP

      6144:fX6iCqzU+zlr+Z2MFstXVpvNQM8CJscIaiEn2M:fXTCiPzlr+vFuvNQOJGaiy/

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks